TYPO3  7.6
JavaScriptEncoder Class Reference
Inheritance diagram for JavaScriptEncoder:
SingletonInterface

Public Member Functions

 __construct ()
 
 encode ($input)
 

Protected Member Functions

 encodeCharacter ($character)
 
 isImmuneCharacter ($character)
 
 getHexForNonAlphanumeric ($ordinalValue)
 

Protected Attributes

 $hexMatrix = array()
 
 $immuneCharacters = array(',', '.', '_')
 
 $charsetConversion = null
 

Detailed Description

Adopted from OWASP Enterprise Security API (ESAPI) reference implementation for the JavaScript Codec. Original Author: Mike Boberski

This class provides encoding for user input that is intended to be used in a JavaScript context. It encodes all characters except alphanumeric characters and the immune characters to a hex representation.

Definition at line 26 of file JavaScriptEncoder.php.

Constructor & Destructor Documentation

__construct ( )

Populates the $hex map of non-alphanumeric single-byte characters.

Alphanumeric characters are set to NULL in the matrix.

Definition at line 55 of file JavaScriptEncoder.php.

Member Function Documentation

encode (   $input)

Encodes a string for JavaScript.

Parameters
string $input: The string to encode, may be empty.
Returns
string The encoded string.

Definition at line 73 of file JavaScriptEncoder.php.

References JavaScriptEncoder\encodeCharacter().

encodeCharacter (   $character)
protected

Returns backslash encoded numeric format. Does not use backslash character escapes such as \" or \' as these may cause parsing problems. For example, if a JavaScript attribute, such as onmouseover, contains a \", that will close the entire attribute and allow an attacker to inject another script attribute.

Parameters
string $character: UTF-8 character that needs to be encoded
Returns
string encoded character

Definition at line 94 of file JavaScriptEncoder.php.

References JavaScriptEncoder\getHexForNonAlphanumeric(), and JavaScriptEncoder\isImmuneCharacter().

Referenced by JavaScriptEncoder\encode().
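
The following is an added example, not code from TYPO3 or ESAPI: a stand-alone JavaScript re-implementation of the behaviour described for encode() and encodeCharacter(), set beside plain backslash escaping to show why the numeric form is preferred. The \xHH / \uHHHH output format is an assumption based on the ESAPI JavaScript codec convention, and all function names are hypothetical.

```javascript
// Added illustration; not TYPO3 or ESAPI source code.
const IMMUNE = new Set([',', '.', '_']); // $immuneCharacters as listed on this page

// Encode one UTF-16 code unit. The \xHH / \uHHHH output format is an assumption
// following the ESAPI JavaScript codec convention; the page only says "hex".
function encodeUnit(unit) {
  const ch = String.fromCharCode(unit);
  if (IMMUNE.has(ch) || /^[A-Za-z0-9]$/.test(ch)) return ch;
  const hex = unit.toString(16).toUpperCase();
  return unit < 256 ? '\\x' + hex.padStart(2, '0') : '\\u' + hex.padStart(4, '0');
}

function encodeForJavaScript(input) {
  let out = '';
  for (let i = 0; i < input.length; i++) out += encodeUnit(input.charCodeAt(i));
  return out;
}

// Backslash character escapes, the approach encodeCharacter() avoids.
function backslashEscape(input) {
  return input.replace(/[\\'"]/g, '\\$&');
}

// True if the text still holds a character that can end an HTML attribute
// value or a <script> block before the JavaScript parser ever sees it.
function hasMarkupDelimiter(text) {
  return /["'<>&]/.test(text);
}

// Reverse the numeric escapes the way a JavaScript string literal would.
function decodeNumericEscapes(encoded) {
  return encoded.replace(/\\x([0-9A-F]{2})|\\u([0-9A-F]{4})/g,
    (match, x, u) => String.fromCharCode(parseInt(x || u, 16)));
}

// Constructed sample input.
const sample = 'O\'Neil said "hi" </script>';
console.log(backslashEscape(sample));     // quotes and </script> survive as-is
console.log(encodeForJavaScript(sample)); // only [A-Za-z0-9,._] and \xHH remain
```

The HTML parser does not understand JavaScript backslash escapes, so the quote in \" still terminates an attribute value; the numeric form leaves no such character in the output.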

getHexForNonAlphanumeric (   $ordinalValue)
protected

Returns the ordinal value as a hex string of any character that is not a single-byte alphanumeric. The character should be supplied as a string in the utf-8 character encoding. If the character is an alphanumeric character with ordinal value below 255, then this method will return NULL.

Parameters
int $ordinalValue: Ordinal value of the character
Returns
string hexadecimal ordinal value of non-alphanumeric characters or NULL otherwise.

Definition at line 136 of file JavaScriptEncoder.php.

Referenced by JavaScriptEncoder\encodeCharacter().

isImmuneCharacter (   $character)
protected

Checks if the given character is one of the immune characters.

Parameters
string $character: UTF-8 character to search for, must not be empty
Returns
bool TRUE if character is immune, FALSE otherwise

Definition at line 121 of file JavaScriptEncoder.php.

Referenced by JavaScriptEncoder\encodeCharacter().

Member Data Documentation

$charsetConversion = null
protected

Definition at line 48 of file JavaScriptEncoder.php.

$hexMatrix = array()
protected

Definition at line 34 of file JavaScriptEncoder.php.

$immuneCharacters = array(',', '.', '_')
protected

Definition at line 41 of file JavaScriptEncoder.php.