TYPO3 7.6
Public Member Functions
    __construct ()
    encode ($input)
Protected Member Functions
    encodeCharacter ($character)
    isImmuneCharacter ($character)
    getHexForNonAlphanumeric ($ordinalValue)
Protected Attributes
    $hexMatrix = array()
    $immuneCharacters = array(',', '.', '_')
    $charsetConversion = null
Adopted from OWASP Enterprise Security API (ESAPI) reference implementation for the JavaScript Codec. Original Author: Mike Boberski
This class provides encoding for user input that is intended to be used in a JavaScript context. It encodes all characters except alphanumeric characters and the immune characters to a hex representation.
Definition at line 26 of file JavaScriptEncoder.php.
__construct ()
Populates the $hex map of non-alphanumeric single-byte characters.
Alphanumeric characters are set to NULL in the matrix.
Definition at line 55 of file JavaScriptEncoder.php.
encode ($input)
Encodes a string for JavaScript.
Parameters:
    string $input    The string to encode, may be empty.
Definition at line 73 of file JavaScriptEncoder.php.
References JavaScriptEncoder\encodeCharacter().
encodeCharacter ($character) [protected]
Returns backslash encoded numeric format. Does not use backslash character escapes such as \" or \' as these may cause parsing problems. For example, if a JavaScript attribute, such as onmouseover, contains a \", that will close the entire attribute and allow an attacker to inject another script attribute.
Parameters:
    string $character    UTF-8 character that needs to be encoded
Definition at line 94 of file JavaScriptEncoder.php.
References JavaScriptEncoder\getHexForNonAlphanumeric(), and JavaScriptEncoder\isImmuneCharacter().
Referenced by JavaScriptEncoder\encode().
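The rule described for encodeCharacter, as an added JavaScript sketch (not TYPO3's PHP code) so that the JavaScript parser itself can check the result. The names encodeForJavaScript and decodeAsJsString are hypothetical, the sample string is constructed, and the \xHH / \uHHHH output format is an assumption taken from the ESAPI JavaScript codec this class is adopted from.

```javascript
// Added sketch, not TYPO3's code. Immune characters are the ones listed on this page.
const IMMUNE = new Set([',', '.', '_']);

// Assumption: escapes follow the ESAPI JavaScript codec format,
// \xHH for values below 256 and \uHHHH for everything else.
function encodeForJavaScript(input) {
  let out = '';
  // Walk UTF-16 code units, so a character outside the BMP becomes
  // two \uHHHH escapes (its surrogate pair), which JavaScript accepts.
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    const code = input.charCodeAt(i);
    if (/^[0-9A-Za-z]$/.test(ch) || IMMUNE.has(ch)) {
      out += ch; // ASCII alphanumerics and immune characters pass through
    } else if (code < 256) {
      out += '\\x' + code.toString(16).toUpperCase().padStart(2, '0');
    } else {
      out += '\\u' + code.toString(16).toUpperCase().padStart(4, '0');
    }
  }
  return out;
}

// Parse the encoded value as the body of a double-quoted string literal,
// which is what a browser does with it inside a script or event handler.
function decodeAsJsString(encoded) {
  return new Function('return "' + encoded + '";')();
}

// Constructed sample: both quote types, markup characters, a Latin-1
// character and a character above 255.
const sample = 'Tom\'s "demo" </script> \u00e9 \u20ac';
const encoded = encodeForJavaScript(sample);

// True when no quote, backslash-quote pair, angle bracket or slash survives
// in the output, i.e. nothing that could end the string or the attribute.
function isInertInAttribute(text) {
  return !/["'<>\/&]/.test(text);
}

console.log(encoded);
console.log(decodeAsJsString(encoded) === sample, isInertInAttribute(encoded));
```

The quote is emitted as \x22 rather than \", so the HTML parser never sees a character that ends the attribute, while the JavaScript parser still recovers the original string.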
getHexForNonAlphanumeric ($ordinalValue) [protected]
Returns the ordinal value as a hex string of any character that is not a single-byte alphanumeric. The character should be supplied as a string in the UTF-8 character encoding. If the character is an alphanumeric character with ordinal value below 255, then this method will return NULL.
Parameters:
    int $ordinalValue    Ordinal value of the character
Definition at line 136 of file JavaScriptEncoder.php.
Referenced by JavaScriptEncoder\encodeCharacter().
isImmuneCharacter ($character) [protected]
Checks if the given character is one of the immune characters.
Parameters:
    string $character    UTF-8 character to search for, must not be empty
Definition at line 121 of file JavaScriptEncoder.php.
Referenced by JavaScriptEncoder\encodeCharacter().
$charsetConversion [protected]
Definition at line 48 of file JavaScriptEncoder.php.
$hexMatrix [protected]
Definition at line 34 of file JavaScriptEncoder.php.
$immuneCharacters [protected]
Definition at line 41 of file JavaScriptEncoder.php.