From: vincent@cubedesigners.com Date: Mon, 13 Oct 2014 14:25:07 +0000 (+0000) Subject: (no commit message) X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=59fbf634b671f96f53261d68f69519f95e39a6f0;p=cubeextranet.git --- diff --git a/fluidbook/compile/_js/esapi.js b/fluidbook/compile/_js/esapi.js index 3447881e3..82e0ffcde 100644 --- a/fluidbook/compile/_js/esapi.js +++ b/fluidbook/compile/_js/esapi.js @@ -13,1814 +13,1893 @@ // Utility and Core API Methods -var $namespace = function(name, separator, container){ - var ns = name.split(separator || '.'), - o = container || window, - i, - len; - for(i = 0, len = ns.length; i < len; i++){ - o = o[ns[i]] = o[ns[i]] || {}; - } - return o; +var $namespace = function (name, separator, container) { + var ns = name.split(separator || '.'), + o = container || window, + i, + len; + for (i = 0, len = ns.length; i < len; i++) { + o = o[ns[i]] = o[ns[i]] || {}; + } + return o; }; -var $type = function( oVar, oType ) { - if ( !oVar instanceof oType ) { - throw new SyntaxError(); - } +var $type = function (oVar, oType) { + if (!oVar instanceof oType) { + throw new SyntaxError(); + } }; if (!$) { - var $ = function( sElementID ) { - return document.getElementById( sElementID ); - }; + var $ = function (sElementID) { + return document.getElementById(sElementID); + }; } if (!Array.prototype.each) { - Array.prototype.each = function(fIterator) { - if (typeof fIterator != 'function') { - throw 'Illegal Argument for Array.each'; - } - - for (var i = 0; i < this.length; i ++) { - fIterator(this[i]); - } - }; + Array.prototype.each = function (fIterator) { + if (typeof fIterator != 'function') { + throw 'Illegal Argument for Array.each'; + } + + for (var i = 0; i < this.length; i++) { + fIterator(this[i]); + } + }; } if (!Array.prototype.contains) { - Array.prototype.contains = function(srch) { - var found = false; - this.each(function(e) { - if ( ( srch.equals && srch.equals(e) ) || e == srch) { - found = true; - return; - } - }); - return found; - }; + Array.prototype.contains = function (srch) { + var found = false; + this.each(function (e) { + if ((srch.equals && srch.equals(e)) || e == srch) { + found = true; + return; + } + }); + return found; + }; } if (!Array.prototype.containsKey) { - Array.prototype.containsKey = function(srch) { - for ( var key in this ) { - if ( key.toLowerCase() == srch.toLowerCase() ) { - return true; - } - } - return false; - }; + Array.prototype.containsKey = function (srch) { + for (var key in this) { + if (key.toLowerCase() == srch.toLowerCase()) { + return true; + } + } + return false; + }; } if (!Array.prototype.getCaseInsensitive) { - Array.prototype.getCaseInsensitive = function(key) { - for (var k in this) { - if (k.toLowerCase() == key.toLowerCase()) { - return this[k]; - } - } - return null; - }; + Array.prototype.getCaseInsensitive = function (key) { + for (var k in this) { + if (k.toLowerCase() == key.toLowerCase()) { + return this[k]; + } + } + return null; + }; } if (!String.prototype.charCodeAt) { - String.prototype.charCodeAt = function( idx ) { - var c = this.charAt(idx); - for ( var i=0;i<65536;i++) { - var s = String.fromCharCode(i); - if ( s == c ) { return i; } - } - return 0; - }; + String.prototype.charCodeAt = function (idx) { + var c = this.charAt(idx); + for (var i = 0; i < 65536; i++) { + var s = String.fromCharCode(i); + if (s == c) { + return i; + } + } + return 0; + }; } - + if (!String.prototype.endsWith) { - String.prototype.endsWith = function( test ) { - return this.substr( ( this.length - test.length ), test.length ) == test; - }; + String.prototype.endsWith = function (test) { + return this.substr((this.length - test.length), test.length) == test; + }; } // Declare Core Exceptions -if ( !Exception ) { - var Exception = function( sMsg, oException ) { - this.cause = oException; - this.errorMessage = sMsg; - }; - - Exception.prototype = Error.prototype; - - Exception.prototype.getCause = function() { return this.cause; }; - - Exception.prototype.getMessage = function() { return this.message; }; - - /** - * This method creates the stacktrace for the Exception only when it is called the first time and - * caches it for access after that. Since building a stacktrace is a fairly expensive process, we - * only want to do it if it is called. - */ - Exception.prototype.getStackTrace = function() { - if ( this.callstack ) { - return this.callstack; - } - - if ( this.stack ) { // Mozilla - var lines = stack.split("\n"); - for ( var i=0, len=lines.length; i" ); - } else if ( writer.innerText ) { - writer.innerText = out.replace( "|||", "
" ); - } else if ( writer.append ) { - writer.append( out.replace( "|||", "\n" ) ); - } else if ( writer instanceof Function ) { - writer(out.replace( "|||", "\n" ) ); - } - }; +if (!Exception) { + var Exception = function (sMsg, oException) { + this.cause = oException; + this.errorMessage = sMsg; + }; + + Exception.prototype = Error.prototype; + + Exception.prototype.getCause = function () { + return this.cause; + }; + + Exception.prototype.getMessage = function () { + return this.message; + }; + + /** + * This method creates the stacktrace for the Exception only when it is called the first time and + * caches it for access after that. Since building a stacktrace is a fairly expensive process, we + * only want to do it if it is called. + */ + Exception.prototype.getStackTrace = function () { + if (this.callstack) { + return this.callstack; + } + + if (this.stack) { // Mozilla + var lines = stack.split("\n"); + for (var i = 0, len = lines.length; i < len; i++) { + if (lines[i].match(/^\s*[A-Za-z0-9\=+\$]+\(/)) { + this.callstack.push(lines[i]); + } + } + this.callstack.shift(); + return this.callstack; + } + else if (window.opera && this.message) { // Opera + var lines = this.message.split('\n'); + for (var i = 0, len = lines.length; i < len; i++) { + if (lines[i].match(/^\s*[A-Za-z0-9\=+\$]+\(/)) { + var entry = lines[i]; + if (lines[i + 1]) { + entry += " at " + lines[i + 1]; + i++; + } + this.callstack.push(entry); + } + } + this.callstack.shift(); + return this.callstack; + } + else { // IE and Safari + var currentFunction = arguments.callee.caller; + while (currentFunction) { + var fn = currentFunction.toString(); + var fname = fn.substring(fn.indexOf("function") + 8, fn.indexOf("(")) || "anonymous"; + this.callstack.push(fname); + currentFunction = currentFunction.caller; + } + return this.callstack; + } + }; + + Exception.prototype.printStackTrace = function (writer) { + var out = this.getMessage() + "|||" + this.getStackTrace().join("|||"); + + if (this.cause) { + if (this.cause.printStackTrace) { + out += "||||||Caused by " + this.cause.printStackTrace().replace("\n", "|||"); + } + } + + if (!writer) { + return writer.replace("|||", "\n"); + } else if (writer.value) { + writer.value = out.replace("|||", "\n"); + } else if (writer.writeln) { + writer.writeln(out.replace("|||", "\n")); + } else if (writer.innerHTML) { + writer.innerHTML = out.replace("|||", "
"); + } else if (writer.innerText) { + writer.innerText = out.replace("|||", "
"); + } else if (writer.append) { + writer.append(out.replace("|||", "\n")); + } else if (writer instanceof Function) { + writer(out.replace("|||", "\n")); + } + }; } -if ( !RuntimeException ) { - var RuntimeException = Exception; +if (!RuntimeException) { + var RuntimeException = Exception; } -if ( !IllegalArgumentException ) { - var IllegalArgumentException = Exception; +if (!IllegalArgumentException) { + var IllegalArgumentException = Exception; } -if ( !DateFormat ) { - // Based on http://jacwright.com/projects/javascript/date_format - var DateFormat = function( sFmt ) { - - var fmt = sFmt; - - var replaceChars = { - longMonths: [ "January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December" ], - shortMonths: [ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" ], - longDays: [ "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday" ], - shortDays: [ "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" ], - - // Day - d: function(date) { return (date.getDate() < 10 ? '0' : '') + date.getDate(); }, - D: function(date) { return replaceChars.shortDays[date.getDay()]; }, - j: function(date) { return date.getDate(); }, - l: function(date) { return replaceChars.longDays[date.getDay()]; }, - N: function(date) { return date.getDay() + 1; }, - S: function(date) { return (date.getDate() % 10 == 1 && date.getDate() != 11 ? 'st' : (date.getDate() % 10 == 2 && date.getDate() != 12 ? 'nd' : (date.getDate() % 10 == 3 && date.getDate() != 13 ? 'rd' : 'th'))); }, - w: function(date) { return date.getDay(); }, - z: function(date) { return "Not Yet Supported"; }, - // Week - W: function(date) { return "Not Yet Supported"; }, - // Month - F: function(date) { return replaceChars.longMonths[date.getMonth()]; }, - m: function(date) { return (date.getMonth() < 9 ? '0' : '') + (date.getMonth() + 1); }, - M: function(date) { return replaceChars.shortMonths[date.getMonth()]; }, - n: function(date) { return date.getMonth() + 1; }, - t: function(date) { return "Not Yet Supported"; }, - // Year - L: function(date) { return (((date.getFullYear()%4==0)&&(date.getFullYear()%100 != 0)) || (date.getFullYear()%400==0)) ? '1' : '0'; }, - o: function(date) { return "Not Supported"; }, - Y: function(date) { return date.getFullYear(); }, - y: function(date) { return ('' + date.getFullYear()).substr(2); }, - // Time - a: function(date) { return date.getHours() < 12 ? 'am' : 'pm'; }, - A: function(date) { return date.getHours() < 12 ? 'AM' : 'PM'; }, - B: function(date) { return "Not Yet Supported"; }, - g: function(date) { return date.getHours() % 12 || 12; }, - G: function(date) { return date.getHours(); }, - h: function(date) { return ((date.getHours() % 12 || 12) < 10 ? '0' : '') + (date.getHours() % 12 || 12); }, - H: function(date) { return (date.getHours() < 10 ? '0' : '') + date.getHours(); }, - i: function(date) { return (date.getMinutes() < 10 ? '0' : '') + date.getMinutes(); }, - s: function(date) { return (date.getSeconds() < 10 ? '0' : '') + date.getSeconds(); }, - // Timezone - e: function(date) { return "Not Yet Supported"; }, - I: function(date) { return "Not Supported"; }, - O: function(date) { return (-date.getTimezoneOffset() < 0 ? '-' : '+') + (Math.abs(date.getTimezoneOffset() / 60) < 10 ? '0' : '') + (Math.abs(date.getTimezoneOffset() / 60)) + '00'; }, - P: function(date) { return (-date.getTimezoneOffset() < 0 ? '-' : '+') + (Math.abs(date.getTimezoneOffset() / 60) < 10 ? '0' : '') + (Math.abs(date.getTimezoneOffset() / 60)) + ':' + (Math.abs(date.getTimezoneOffset() % 60) < 10 ? '0' : '') + (Math.abs(date.getTimezoneOffset() % 60)); }, - T: function(date) { var m = date.getMonth(); date.setMonth(0); var result = date.toTimeString().replace(/^.+ \(?([^\)]+)\)?$/, '$1'); date.setMonth(m); return result;}, - Z: function(date) { return -date.getTimezoneOffset() * 60; }, - // Full Date/Time - c: function(date) { return date.format("Y-m-d") + "T" + date.format("H:i:sP"); }, - r: function(date) { return date.toString(); }, - U: function(date) { return date.getTime() / 1000; } - }; - - - return { - format: function(oDate) { - var out = ''; - for(var i=0;i parameters.length) { - throw new IllegalArgumentException("Attempt to set parameter: " + iIndex + " on a PreparedString with only " + parameters.length + " placeholders"); - } - if (!codec) { - codec = oCodec; - } - parameters[iIndex - 1] = codec.encode([], sValue); - }, - - toString: function() { - for (var ix = 0; ix < parameters.length; ix ++) { - if (parameters[ix] == null) { - throw new RuntimeException("Attempt to render PreparedString without setting parameter " + (ix + 1)); - } - } - var out = '', i = 0; - for (var p = 0; p < parts.length; p ++) { - out += parts[p]; - if (i < parameters.length) { - out += parameters[i++]; - } - } - return out; - } - }; +org.owasp.esapi.PreparedString = function (sTemplate, oCodec, sParameterCharacter) { + // Private Scope + var parts = []; + var parameters = []; + + function split(s) { + var idx = 0, pcount = 0; + for (var i = 0; i < s.length; i++) { + if (s.charAt(i) == sParameterCharacter) { + pcount++; + parts.push(s.substr(idx, i)); + idx = i + 1; + } + } + parts.push(s.substr(idx)); + parameters = new Array(pcount); + } + + ; + + if (!sParameterCharacter) { + sParameterCharacter = '?'; + } + + split(sTemplate); + + return { + set: function (iIndex, sValue, codec) { + if (iIndex < 1 || iIndex > parameters.length) { + throw new IllegalArgumentException("Attempt to set parameter: " + iIndex + " on a PreparedString with only " + parameters.length + " placeholders"); + } + if (!codec) { + codec = oCodec; + } + parameters[iIndex - 1] = codec.encode([], sValue); + }, + toString: function () { + for (var ix = 0; ix < parameters.length; ix++) { + if (parameters[ix] == null) { + throw new RuntimeException("Attempt to render PreparedString without setting parameter " + (ix + 1)); + } + } + var out = '', i = 0; + for (var p = 0; p < parts.length; p++) { + out += parts[p]; + if (i < parameters.length) { + out += parameters[i++]; + } + } + return out; + } + }; }; $namespace('org.owasp.esapi'); -org.owasp.esapi.ValidationErrorList = function() { - var errorList = Array(); - - return { - addError: function( sContext, oValidationException ) { - if ( sContext == null ) throw new RuntimeException( "Context cannot be null: " + oValidationException.getLogMessage(), oValidationException ); - if ( oValidationException == null ) throw new RuntimeException( "Context (" + sContext + ") - Error cannot be null" ); - if ( errorList[sContext] ) throw new RuntimeException( "Context (" + sContext + ") already exists. must be unique." ); - errorList[sContext] = oValidationException; - }, - - errors: function() { - return errorList; - }, - - isEmpty: function() { - return errorList.length == 0; - }, - - size: function() { - return errorList.length; - } - }; +org.owasp.esapi.ValidationErrorList = function () { + var errorList = Array(); + + return { + addError: function (sContext, oValidationException) { + if (sContext == null) + throw new RuntimeException("Context cannot be null: " + oValidationException.getLogMessage(), oValidationException); + if (oValidationException == null) + throw new RuntimeException("Context (" + sContext + ") - Error cannot be null"); + if (errorList[sContext]) + throw new RuntimeException("Context (" + sContext + ") already exists. must be unique."); + errorList[sContext] = oValidationException; + }, + errors: function () { + return errorList; + }, + isEmpty: function () { + return errorList.length == 0; + }, + size: function () { + return errorList.length; + } + }; }; $namespace('org.owasp.esapi'); -org.owasp.esapi.ValidationRule = function() { - return { - getValid: false, - setAllowNull: false, - getTypeName: false, - setTypeName: false, - setEncoder: false, - assertValid: false, - getSafe: false, - isValid: false, - whitelist: false - }; +org.owasp.esapi.ValidationRule = function () { + return { + getValid: false, + setAllowNull: false, + getTypeName: false, + setTypeName: false, + setEncoder: false, + assertValid: false, + getSafe: false, + isValid: false, + whitelist: false + }; }; $namespace('org.owasp.esapi'); -org.owasp.esapi.Validator = function() { - return { - addRule: false, - getRule: false, - getValidInput: false, - isValidDate: false, - getValidDate: false, - isValidSafeHTML: false, - getValidSafeHTML: false, - isValidCreditCard: false, - getValidCreditCard: false, - isValidFilename: false, - getValidFilename: false, - isValidNumber: false, - getValidNumber: false, - isValidPrintable: false, - getValidPrintable: false - }; +org.owasp.esapi.Validator = function () { + return { + addRule: false, + getRule: false, + getValidInput: false, + isValidDate: false, + getValidDate: false, + isValidSafeHTML: false, + getValidSafeHTML: false, + isValidCreditCard: false, + getValidCreditCard: false, + isValidFilename: false, + getValidFilename: false, + isValidNumber: false, + getValidNumber: false, + isValidPrintable: false, + getValidPrintable: false + }; }; $namespace('org.owasp.esapi.codecs.Base64'); org.owasp.esapi.codecs.Base64 = { - _keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", - - encode: function(sInput) { - if (!sInput) { - return null; - } - - var out = ''; - var ch1,ch2,ch3,enc1,enc2,enc3,enc4; - var i = 0; - - var input = org.owasp.esapi.codecs.UTF8.encode(sInput); - - while (i < input.length) { - ch1 = input.charCodeAt(i++); - ch2 = input.charCodeAt(i++); - ch3 = input.charCodeAt(i++); - - enc1 = ch1 >> 2; - enc2 = ((ch1 & 3) << 4) | (ch2 >> 4); - enc3 = ((ch2 & 15) << 2) | (ch3 >> 6); - enc4 = ch3 & 63; - - if (isNaN(ch2)) { - enc3 = enc4 = 64; - } - else if (isNaN(ch3)) { - enc4 = 64; - } - - out += this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) + this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4); - } - - return out; - }, - - decode: function(sInput) { - if (!sInput) { - return null; - } - - var out = ''; - var ch1, ch2, ch3, enc1, enc2, enc3, enc4; - var i = 0; - - var input = sInput.replace(/[^A-Za-z0-9\+\/\=]/g, ""); - - while (i < input.length) { - enc1 = this._keyStr.indexOf(input.charAt(i++)); - enc2 = this._keyStr.indexOf(input.charAt(i++)); - enc3 = this._keyStr.indexOf(input.charAt(i++)); - enc4 = this._keyStr.indexOf(input.charAt(i++)); - - ch1 = (enc1 << 2) | (enc2 >> 4); - ch2 = ((enc2 & 15) << 4) | (enc3 >> 2); - ch3 = ((enc3 & 3) << 6) | enc4; - - out += String.fromCharCode(ch1); - if (enc3 != 64) { - out += String.fromCharCode(ch2); - } - if (enc4 != 64) { - out += String.fromCharCode(ch3); - } - } - - out = org.owasp.esapi.codecs.UTF8.decode(out); - return out; - } + _keyStr: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", + encode: function (sInput) { + if (!sInput) { + return null; + } + + var out = ''; + var ch1, ch2, ch3, enc1, enc2, enc3, enc4; + var i = 0; + + var input = org.owasp.esapi.codecs.UTF8.encode(sInput); + + while (i < input.length) { + ch1 = input.charCodeAt(i++); + ch2 = input.charCodeAt(i++); + ch3 = input.charCodeAt(i++); + + enc1 = ch1 >> 2; + enc2 = ((ch1 & 3) << 4) | (ch2 >> 4); + enc3 = ((ch2 & 15) << 2) | (ch3 >> 6); + enc4 = ch3 & 63; + + if (isNaN(ch2)) { + enc3 = enc4 = 64; + } + else if (isNaN(ch3)) { + enc4 = 64; + } + + out += this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) + this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4); + } + + return out; + }, + decode: function (sInput) { + if (!sInput) { + return null; + } + + var out = ''; + var ch1, ch2, ch3, enc1, enc2, enc3, enc4; + var i = 0; + + var input = sInput.replace(/[^A-Za-z0-9\+\/\=]/g, ""); + + while (i < input.length) { + enc1 = this._keyStr.indexOf(input.charAt(i++)); + enc2 = this._keyStr.indexOf(input.charAt(i++)); + enc3 = this._keyStr.indexOf(input.charAt(i++)); + enc4 = this._keyStr.indexOf(input.charAt(i++)); + + ch1 = (enc1 << 2) | (enc2 >> 4); + ch2 = ((enc2 & 15) << 4) | (enc3 >> 2); + ch3 = ((enc3 & 3) << 6) | enc4; + + out += String.fromCharCode(ch1); + if (enc3 != 64) { + out += String.fromCharCode(ch2); + } + if (enc4 != 64) { + out += String.fromCharCode(ch3); + } + } + + out = org.owasp.esapi.codecs.UTF8.decode(out); + return out; + } }; $namespace('org.owasp.esapi.codecs'); -org.owasp.esapi.codecs.CSSCodec = function() { - var _super = new org.owasp.esapi.codecs.Codec(); - - return { - encode: _super.encode, - - decode: _super.decode, - - encodeCharacter: function(aImmune, c) { - if (aImmune.contains(c)) { - return c; - } - - var hex = org.owasp.esapi.codecs.Codec.getHexForNonAlphanumeric(c); - if (hex == null) { - return c; - } - - return "\\" + hex + " "; - }, - - decodeCharacter: function(oPushbackString) { - oPushbackString.mark(); - var first = oPushbackString.next(); - if (first == null) { - oPushbackString.reset(); - return null; - } - - if (first != '\\') { - oPushbackString.reset(); - return null; - } - - var second = oPushbackString.next(); - if (second == null) { - oPushbackString.reset(); - return null; - } - - if (oPushbackString.isHexDigit(second)) { - var out = second; - for (var i = 0; i < 6; i ++) { - var c = oPushbackString.next(); - if (c == null || c.charCodeAt(0) == 0x20) { - break; - } - if (oPushbackString.isHexDigit(c)) { - out += c; - } else { - input.pushback(c); - break; - } - } - - try { - var n = parseInt(out, 16); - return String.fromCharCode(n); - } catch (e) { - oPushbackString.reset(); - return null; - } - } - - return second; - } - }; +org.owasp.esapi.codecs.CSSCodec = function () { + var _super = new org.owasp.esapi.codecs.Codec(); + + return { + encode: _super.encode, + decode: _super.decode, + encodeCharacter: function (aImmune, c) { + if (aImmune.contains(c)) { + return c; + } + + var hex = org.owasp.esapi.codecs.Codec.getHexForNonAlphanumeric(c); + if (hex == null) { + return c; + } + + return "\\" + hex + " "; + }, + decodeCharacter: function (oPushbackString) { + oPushbackString.mark(); + var first = oPushbackString.next(); + if (first == null) { + oPushbackString.reset(); + return null; + } + + if (first != '\\') { + oPushbackString.reset(); + return null; + } + + var second = oPushbackString.next(); + if (second == null) { + oPushbackString.reset(); + return null; + } + + if (oPushbackString.isHexDigit(second)) { + var out = second; + for (var i = 0; i < 6; i++) { + var c = oPushbackString.next(); + if (c == null || c.charCodeAt(0) == 0x20) { + break; + } + if (oPushbackString.isHexDigit(c)) { + out += c; + } else { + input.pushback(c); + break; + } + } + + try { + var n = parseInt(out, 16); + return String.fromCharCode(n); + } catch (e) { + oPushbackString.reset(); + return null; + } + } + + return second; + } + }; }; $namespace('org.owasp.esapi.codecs'); -org.owasp.esapi.codecs.Codec = function() { - return { - /** - * Encode a String so that it can be safely used in a specific context. - * - * @param aImmune - * array of immune characters - * @param sInput - * the String to encode - * @return the encoded String - */ - encode: function(aImmune, sInput) { - var out = ''; - for (var i = 0; i < sInput.length; i ++) { - var c = sInput.charAt(i); - out += this.encodeCharacter(aImmune, c); - } - return out; - }, - - /** - * Default implementation that should be overridden in specific codecs. - * - * @param aImmune - * array of immune characters - * @param c - * the Character to encode - * @return - * the encoded Character - */ - encodeCharacter: function(aImmune, c) { - return c; - }, - - /** - * Decode a String that was encoded using the encode method in this Class - * - * @param sInput - * the String to decode - * @return - * the decoded String - */ - decode: function(sInput) { - var out = ''; - var pbs = new org.owasp.esapi.codecs.PushbackString(sInput); - while (pbs.hasNext()) { - var c = this.decodeCharacter(pbs); - if (c != null) { - out += c; - } else { - out += pbs.next(); - } - } - return out; - }, - - /** - * Returns the decoded version of the next character from the input string and advances the - * current character in the PushbackString. If the current character is not encoded, this - * method MUST reset the PushbackString. - * - * @param oPushbackString the Character to decode - * @return the decoded Character - */ - decodeCharacter: function(oPushbackString) { - return oPushbackString.next(); - } - }; +org.owasp.esapi.codecs.Codec = function () { + return { + /** + * Encode a String so that it can be safely used in a specific context. + * + * @param aImmune + * array of immune characters + * @param sInput + * the String to encode + * @return the encoded String + */ + encode: function (aImmune, sInput) { + var out = ''; + for (var i = 0; i < sInput.length; i++) { + var c = sInput.charAt(i); + out += this.encodeCharacter(aImmune, c); + } + return out; + }, + /** + * Default implementation that should be overridden in specific codecs. + * + * @param aImmune + * array of immune characters + * @param c + * the Character to encode + * @return + * the encoded Character + */ + encodeCharacter: function (aImmune, c) { + return c; + }, + /** + * Decode a String that was encoded using the encode method in this Class + * + * @param sInput + * the String to decode + * @return + * the decoded String + */ + decode: function (sInput) { + var out = ''; + var pbs = new org.owasp.esapi.codecs.PushbackString(sInput); + while (pbs.hasNext()) { + var c = this.decodeCharacter(pbs); + if (c != null) { + out += c; + } else { + out += pbs.next(); + } + } + return out; + }, + /** + * Returns the decoded version of the next character from the input string and advances the + * current character in the PushbackString. If the current character is not encoded, this + * method MUST reset the PushbackString. + * + * @param oPushbackString the Character to decode + * @return the decoded Character + */ + decodeCharacter: function (oPushbackString) { + return oPushbackString.next(); + } + }; }; -org.owasp.esapi.codecs.Codec.getHexForNonAlphanumeric = function(c) { - if (c.charCodeAt(0) < 256) { - return org.owasp.esapi.codecs.Codec.hex[c.charCodeAt(0)]; - } - return c.charCodeAt(0).toString(16); +org.owasp.esapi.codecs.Codec.getHexForNonAlphanumeric = function (c) { + if (c.charCodeAt(0) < 256) { + return org.owasp.esapi.codecs.Codec.hex[c.charCodeAt(0)]; + } + return c.charCodeAt(0).toString(16); }; org.owasp.esapi.codecs.Codec.hex = []; -for ( var c = 0; c < 0xFF; c ++ ) { - if ( c >= 0x30 && c <= 0x39 || c>= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A ) { - org.owasp.esapi.codecs.Codec.hex[c] = null; - } else { - org.owasp.esapi.codecs.Codec.hex[c] = c.toString(16); - } -}; +for (var c = 0; c < 0xFF; c++) { + if (c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A) { + org.owasp.esapi.codecs.Codec.hex[c] = null; + } else { + org.owasp.esapi.codecs.Codec.hex[c] = c.toString(16); + } +} +; var entityToCharacterMap = []; -entityToCharacterMap["""] = "34"; /* 34 : quotation mark */ -entityToCharacterMap["&"] = "38"; /* 38 : ampersand */ -entityToCharacterMap["<"] = "60"; /* 60 : less-than sign */ -entityToCharacterMap[">"] = "62"; /* 62 : greater-than sign */ -entityToCharacterMap[" "] = "160"; /* 160 : no-break space */ -entityToCharacterMap["¡"] = "161"; /* 161 : inverted exclamation mark */ -entityToCharacterMap["¢"] = "162"; /* 162 : cent sign */ -entityToCharacterMap["£"] = "163"; /* 163 : pound sign */ -entityToCharacterMap["¤"] = "164"; /* 164 : currency sign */ -entityToCharacterMap["¥"] = "165"; /* 165 : yen sign */ -entityToCharacterMap["¦"] = "166"; /* 166 : broken bar */ -entityToCharacterMap["§"] = "167"; /* 167 : section sign */ -entityToCharacterMap["¨"] = "168"; /* 168 : diaeresis */ -entityToCharacterMap["©"] = "169"; /* 169 : copyright sign */ -entityToCharacterMap["ª"] = "170"; /* 170 : feminine ordinal indicator */ -entityToCharacterMap["«"] = "171"; /* 171 : left-pointing double angle quotation mark */ -entityToCharacterMap["¬"] = "172"; /* 172 : not sign */ -entityToCharacterMap["­"] = "173"; /* 173 : soft hyphen */ -entityToCharacterMap["®"] = "174"; /* 174 : registered sign */ -entityToCharacterMap["¯"] = "175"; /* 175 : macron */ -entityToCharacterMap["°"] = "176"; /* 176 : degree sign */ -entityToCharacterMap["±"] = "177"; /* 177 : plus-minus sign */ -entityToCharacterMap["²"] = "178"; /* 178 : superscript two */ -entityToCharacterMap["³"] = "179"; /* 179 : superscript three */ -entityToCharacterMap["´"] = "180"; /* 180 : acute accent */ -entityToCharacterMap["µ"] = "181"; /* 181 : micro sign */ -entityToCharacterMap["¶"] = "182"; /* 182 : pilcrow sign */ -entityToCharacterMap["·"] = "183"; /* 183 : middle dot */ -entityToCharacterMap["¸"] = "184"; /* 184 : cedilla */ -entityToCharacterMap["¹"] = "185"; /* 185 : superscript one */ -entityToCharacterMap["º"] = "186"; /* 186 : masculine ordinal indicator */ -entityToCharacterMap["»"] = "187"; /* 187 : right-pointing double angle quotation mark */ -entityToCharacterMap["¼"] = "188"; /* 188 : vulgar fraction one quarter */ -entityToCharacterMap["½"] = "189"; /* 189 : vulgar fraction one half */ -entityToCharacterMap["¾"] = "190"; /* 190 : vulgar fraction three quarters */ -entityToCharacterMap["¿"] = "191"; /* 191 : inverted question mark */ -entityToCharacterMap["À"] = "192"; /* 192 : Latin capital letter a with grave */ -entityToCharacterMap["Á"] = "193"; /* 193 : Latin capital letter a with acute */ -entityToCharacterMap["Â"] = "194"; /* 194 : Latin capital letter a with circumflex */ -entityToCharacterMap["Ã"] = "195"; /* 195 : Latin capital letter a with tilde */ -entityToCharacterMap["Ä"] = "196"; /* 196 : Latin capital letter a with diaeresis */ -entityToCharacterMap["Å"] = "197"; /* 197 : Latin capital letter a with ring above */ -entityToCharacterMap["Æ"] = "198"; /* 198 : Latin capital letter ae */ -entityToCharacterMap["Ç"] = "199"; /* 199 : Latin capital letter c with cedilla */ -entityToCharacterMap["È"] = "200"; /* 200 : Latin capital letter e with grave */ -entityToCharacterMap["É"] = "201"; /* 201 : Latin capital letter e with acute */ -entityToCharacterMap["Ê"] = "202"; /* 202 : Latin capital letter e with circumflex */ -entityToCharacterMap["Ë"] = "203"; /* 203 : Latin capital letter e with diaeresis */ -entityToCharacterMap["Ì"] = "204"; /* 204 : Latin capital letter i with grave */ -entityToCharacterMap["Í"] = "205"; /* 205 : Latin capital letter i with acute */ -entityToCharacterMap["Î"] = "206"; /* 206 : Latin capital letter i with circumflex */ -entityToCharacterMap["Ï"] = "207"; /* 207 : Latin capital letter i with diaeresis */ -entityToCharacterMap["Ð"] = "208"; /* 208 : Latin capital letter eth */ -entityToCharacterMap["Ñ"] = "209"; /* 209 : Latin capital letter n with tilde */ -entityToCharacterMap["Ò"] = "210"; /* 210 : Latin capital letter o with grave */ -entityToCharacterMap["Ó"] = "211"; /* 211 : Latin capital letter o with acute */ -entityToCharacterMap["Ô"] = "212"; /* 212 : Latin capital letter o with circumflex */ -entityToCharacterMap["Õ"] = "213"; /* 213 : Latin capital letter o with tilde */ -entityToCharacterMap["Ö"] = "214"; /* 214 : Latin capital letter o with diaeresis */ -entityToCharacterMap["×"] = "215"; /* 215 : multiplication sign */ -entityToCharacterMap["Ø"] = "216"; /* 216 : Latin capital letter o with stroke */ -entityToCharacterMap["Ù"] = "217"; /* 217 : Latin capital letter u with grave */ -entityToCharacterMap["Ú"] = "218"; /* 218 : Latin capital letter u with acute */ -entityToCharacterMap["Û"] = "219"; /* 219 : Latin capital letter u with circumflex */ -entityToCharacterMap["Ü"] = "220"; /* 220 : Latin capital letter u with diaeresis */ -entityToCharacterMap["Ý"] = "221"; /* 221 : Latin capital letter y with acute */ -entityToCharacterMap["Þ"] = "222"; /* 222 : Latin capital letter thorn */ -entityToCharacterMap["ß"] = "223"; /* 223 : Latin small letter sharp s, German Eszett */ -entityToCharacterMap["à"] = "224"; /* 224 : Latin small letter a with grave */ -entityToCharacterMap["á"] = "225"; /* 225 : Latin small letter a with acute */ -entityToCharacterMap["â"] = "226"; /* 226 : Latin small letter a with circumflex */ -entityToCharacterMap["ã"] = "227"; /* 227 : Latin small letter a with tilde */ -entityToCharacterMap["ä"] = "228"; /* 228 : Latin small letter a with diaeresis */ -entityToCharacterMap["å"] = "229"; /* 229 : Latin small letter a with ring above */ -entityToCharacterMap["æ"] = "230"; /* 230 : Latin lowercase ligature ae */ -entityToCharacterMap["ç"] = "231"; /* 231 : Latin small letter c with cedilla */ -entityToCharacterMap["è"] = "232"; /* 232 : Latin small letter e with grave */ -entityToCharacterMap["é"] = "233"; /* 233 : Latin small letter e with acute */ -entityToCharacterMap["ê"] = "234"; /* 234 : Latin small letter e with circumflex */ -entityToCharacterMap["ë"] = "235"; /* 235 : Latin small letter e with diaeresis */ -entityToCharacterMap["ì"] = "236"; /* 236 : Latin small letter i with grave */ -entityToCharacterMap["í"] = "237"; /* 237 : Latin small letter i with acute */ -entityToCharacterMap["î"] = "238"; /* 238 : Latin small letter i with circumflex */ -entityToCharacterMap["ï"] = "239"; /* 239 : Latin small letter i with diaeresis */ -entityToCharacterMap["ð"] = "240"; /* 240 : Latin small letter eth */ -entityToCharacterMap["ñ"] = "241"; /* 241 : Latin small letter n with tilde */ -entityToCharacterMap["ò"] = "242"; /* 242 : Latin small letter o with grave */ -entityToCharacterMap["ó"] = "243"; /* 243 : Latin small letter o with acute */ -entityToCharacterMap["ô"] = "244"; /* 244 : Latin small letter o with circumflex */ -entityToCharacterMap["õ"] = "245"; /* 245 : Latin small letter o with tilde */ -entityToCharacterMap["ö"] = "246"; /* 246 : Latin small letter o with diaeresis */ -entityToCharacterMap["÷"] = "247"; /* 247 : division sign */ -entityToCharacterMap["ø"] = "248"; /* 248 : Latin small letter o with stroke */ -entityToCharacterMap["ù"] = "249"; /* 249 : Latin small letter u with grave */ -entityToCharacterMap["ú"] = "250"; /* 250 : Latin small letter u with acute */ -entityToCharacterMap["û"] = "251"; /* 251 : Latin small letter u with circumflex */ -entityToCharacterMap["ü"] = "252"; /* 252 : Latin small letter u with diaeresis */ -entityToCharacterMap["ý"] = "253"; /* 253 : Latin small letter y with acute */ -entityToCharacterMap["þ"] = "254"; /* 254 : Latin small letter thorn */ -entityToCharacterMap["ÿ"] = "255"; /* 255 : Latin small letter y with diaeresis */ -entityToCharacterMap["&OElig"] = "338"; /* 338 : Latin capital ligature oe */ -entityToCharacterMap["&oelig"] = "339"; /* 339 : Latin small ligature oe */ -entityToCharacterMap["&Scaron"] = "352"; /* 352 : Latin capital letter s with caron */ -entityToCharacterMap["&scaron"] = "353"; /* 353 : Latin small letter s with caron */ -entityToCharacterMap["&Yuml"] = "376"; /* 376 : Latin capital letter y with diaeresis */ -entityToCharacterMap["&fnof"] = "402"; /* 402 : Latin small letter f with hook */ -entityToCharacterMap["&circ"] = "710"; /* 710 : modifier letter circumflex accent */ -entityToCharacterMap["&tilde"] = "732"; /* 732 : small tilde */ -entityToCharacterMap["&Alpha"] = "913"; /* 913 : Greek capital letter alpha */ -entityToCharacterMap["&Beta"] = "914"; /* 914 : Greek capital letter beta */ -entityToCharacterMap["&Gamma"] = "915"; /* 915 : Greek capital letter gamma */ -entityToCharacterMap["&Delta"] = "916"; /* 916 : Greek capital letter delta */ -entityToCharacterMap["&Epsilon"] = "917"; /* 917 : Greek capital letter epsilon */ -entityToCharacterMap["&Zeta"] = "918"; /* 918 : Greek capital letter zeta */ -entityToCharacterMap["&Eta"] = "919"; /* 919 : Greek capital letter eta */ -entityToCharacterMap["&Theta"] = "920"; /* 920 : Greek capital letter theta */ -entityToCharacterMap["&Iota"] = "921"; /* 921 : Greek capital letter iota */ -entityToCharacterMap["&Kappa"] = "922"; /* 922 : Greek capital letter kappa */ -entityToCharacterMap["&Lambda"] = "923"; /* 923 : Greek capital letter lambda */ -entityToCharacterMap["&Mu"] = "924"; /* 924 : Greek capital letter mu */ -entityToCharacterMap["&Nu"] = "925"; /* 925 : Greek capital letter nu */ -entityToCharacterMap["&Xi"] = "926"; /* 926 : Greek capital letter xi */ -entityToCharacterMap["&Omicron"] = "927"; /* 927 : Greek capital letter omicron */ -entityToCharacterMap["&Pi"] = "928"; /* 928 : Greek capital letter pi */ -entityToCharacterMap["&Rho"] = "929"; /* 929 : Greek capital letter rho */ -entityToCharacterMap["&Sigma"] = "931"; /* 931 : Greek capital letter sigma */ -entityToCharacterMap["&Tau"] = "932"; /* 932 : Greek capital letter tau */ -entityToCharacterMap["&Upsilon"] = "933"; /* 933 : Greek capital letter upsilon */ -entityToCharacterMap["&Phi"] = "934"; /* 934 : Greek capital letter phi */ -entityToCharacterMap["&Chi"] = "935"; /* 935 : Greek capital letter chi */ -entityToCharacterMap["&Psi"] = "936"; /* 936 : Greek capital letter psi */ -entityToCharacterMap["&Omega"] = "937"; /* 937 : Greek capital letter omega */ -entityToCharacterMap["&alpha"] = "945"; /* 945 : Greek small letter alpha */ -entityToCharacterMap["&beta"] = "946"; /* 946 : Greek small letter beta */ -entityToCharacterMap["&gamma"] = "947"; /* 947 : Greek small letter gamma */ -entityToCharacterMap["&delta"] = "948"; /* 948 : Greek small letter delta */ -entityToCharacterMap["&epsilon"] = "949"; /* 949 : Greek small letter epsilon */ -entityToCharacterMap["&zeta"] = "950"; /* 950 : Greek small letter zeta */ -entityToCharacterMap["&eta"] = "951"; /* 951 : Greek small letter eta */ -entityToCharacterMap["&theta"] = "952"; /* 952 : Greek small letter theta */ -entityToCharacterMap["&iota"] = "953"; /* 953 : Greek small letter iota */ -entityToCharacterMap["&kappa"] = "954"; /* 954 : Greek small letter kappa */ -entityToCharacterMap["&lambda"] = "955"; /* 955 : Greek small letter lambda */ -entityToCharacterMap["&mu"] = "956"; /* 956 : Greek small letter mu */ -entityToCharacterMap["&nu"] = "957"; /* 957 : Greek small letter nu */ -entityToCharacterMap["&xi"] = "958"; /* 958 : Greek small letter xi */ -entityToCharacterMap["&omicron"] = "959"; /* 959 : Greek small letter omicron */ -entityToCharacterMap["&pi"] = "960"; /* 960 : Greek small letter pi */ -entityToCharacterMap["&rho"] = "961"; /* 961 : Greek small letter rho */ -entityToCharacterMap["&sigmaf"] = "962"; /* 962 : Greek small letter final sigma */ -entityToCharacterMap["&sigma"] = "963"; /* 963 : Greek small letter sigma */ -entityToCharacterMap["&tau"] = "964"; /* 964 : Greek small letter tau */ -entityToCharacterMap["&upsilon"] = "965"; /* 965 : Greek small letter upsilon */ -entityToCharacterMap["&phi"] = "966"; /* 966 : Greek small letter phi */ -entityToCharacterMap["&chi"] = "967"; /* 967 : Greek small letter chi */ -entityToCharacterMap["&psi"] = "968"; /* 968 : Greek small letter psi */ -entityToCharacterMap["&omega"] = "969"; /* 969 : Greek small letter omega */ -entityToCharacterMap["&thetasym"] = "977"; /* 977 : Greek theta symbol */ -entityToCharacterMap["&upsih"] = "978"; /* 978 : Greek upsilon with hook symbol */ -entityToCharacterMap["&piv"] = "982"; /* 982 : Greek pi symbol */ -entityToCharacterMap["&ensp"] = "8194"; /* 8194 : en space */ -entityToCharacterMap["&emsp"] = "8195"; /* 8195 : em space */ -entityToCharacterMap["&thinsp"] = "8201"; /* 8201 : thin space */ -entityToCharacterMap["&zwnj"] = "8204"; /* 8204 : zero width non-joiner */ -entityToCharacterMap["&zwj"] = "8205"; /* 8205 : zero width joiner */ -entityToCharacterMap["&lrm"] = "8206"; /* 8206 : left-to-right mark */ -entityToCharacterMap["&rlm"] = "8207"; /* 8207 : right-to-left mark */ -entityToCharacterMap["&ndash"] = "8211"; /* 8211 : en dash */ -entityToCharacterMap["&mdash"] = "8212"; /* 8212 : em dash */ -entityToCharacterMap["&lsquo"] = "8216"; /* 8216 : left single quotation mark */ -entityToCharacterMap["&rsquo"] = "8217"; /* 8217 : right single quotation mark */ -entityToCharacterMap["&sbquo"] = "8218"; /* 8218 : single low-9 quotation mark */ -entityToCharacterMap["&ldquo"] = "8220"; /* 8220 : left double quotation mark */ -entityToCharacterMap["&rdquo"] = "8221"; /* 8221 : right double quotation mark */ -entityToCharacterMap["&bdquo"] = "8222"; /* 8222 : double low-9 quotation mark */ -entityToCharacterMap["&dagger"] = "8224"; /* 8224 : dagger */ -entityToCharacterMap["&Dagger"] = "8225"; /* 8225 : double dagger */ -entityToCharacterMap["&bull"] = "8226"; /* 8226 : bullet */ -entityToCharacterMap["&hellip"] = "8230"; /* 8230 : horizontal ellipsis */ -entityToCharacterMap["&permil"] = "8240"; /* 8240 : per mille sign */ -entityToCharacterMap["&prime"] = "8242"; /* 8242 : prime */ -entityToCharacterMap["&Prime"] = "8243"; /* 8243 : double prime */ -entityToCharacterMap["&lsaquo"] = "8249"; /* 8249 : single left-pointing angle quotation mark */ -entityToCharacterMap["&rsaquo"] = "8250"; /* 8250 : single right-pointing angle quotation mark */ -entityToCharacterMap["&oline"] = "8254"; /* 8254 : overline */ -entityToCharacterMap["&frasl"] = "8260"; /* 8260 : fraction slash */ -entityToCharacterMap["&euro"] = "8364"; /* 8364 : euro sign */ -entityToCharacterMap["&image"] = "8365"; /* 8465 : black-letter capital i */ -entityToCharacterMap["&weierp"] = "8472"; /* 8472 : script capital p, Weierstrass p */ -entityToCharacterMap["&real"] = "8476"; /* 8476 : black-letter capital r */ -entityToCharacterMap["&trade"] = "8482"; /* 8482 : trademark sign */ -entityToCharacterMap["&alefsym"] = "8501"; /* 8501 : alef symbol */ -entityToCharacterMap["&larr"] = "8592"; /* 8592 : leftwards arrow */ -entityToCharacterMap["&uarr"] = "8593"; /* 8593 : upwards arrow */ -entityToCharacterMap["&rarr"] = "8594"; /* 8594 : rightwards arrow */ -entityToCharacterMap["&darr"] = "8595"; /* 8595 : downwards arrow */ -entityToCharacterMap["&harr"] = "8596"; /* 8596 : left right arrow */ -entityToCharacterMap["&crarr"] = "8629"; /* 8629 : downwards arrow with corner leftwards */ -entityToCharacterMap["&lArr"] = "8656"; /* 8656 : leftwards double arrow */ -entityToCharacterMap["&uArr"] = "8657"; /* 8657 : upwards double arrow */ -entityToCharacterMap["&rArr"] = "8658"; /* 8658 : rightwards double arrow */ -entityToCharacterMap["&dArr"] = "8659"; /* 8659 : downwards double arrow */ -entityToCharacterMap["&hArr"] = "8660"; /* 8660 : left right double arrow */ -entityToCharacterMap["&forall"] = "8704"; /* 8704 : for all */ -entityToCharacterMap["&part"] = "8706"; /* 8706 : partial differential */ -entityToCharacterMap["&exist"] = "8707"; /* 8707 : there exists */ -entityToCharacterMap["&empty"] = "8709"; /* 8709 : empty set */ -entityToCharacterMap["&nabla"] = "8711"; /* 8711 : nabla */ -entityToCharacterMap["&isin"] = "8712"; /* 8712 : element of */ -entityToCharacterMap["¬in"] = "8713"; /* 8713 : not an element of */ -entityToCharacterMap["&ni"] = "8715"; /* 8715 : contains as member */ -entityToCharacterMap["&prod"] = "8719"; /* 8719 : n-ary product */ -entityToCharacterMap["&sum"] = "8721"; /* 8721 : n-ary summation */ -entityToCharacterMap["&minus"] = "8722"; /* 8722 : minus sign */ -entityToCharacterMap["&lowast"] = "8727"; /* 8727 : asterisk operator */ -entityToCharacterMap["&radic"] = "8730"; /* 8730 : square root */ -entityToCharacterMap["&prop"] = "8733"; /* 8733 : proportional to */ -entityToCharacterMap["&infin"] = "8734"; /* 8734 : infinity */ -entityToCharacterMap["&ang"] = "8736"; /* 8736 : angle */ -entityToCharacterMap["&and"] = "8743"; /* 8743 : logical and */ -entityToCharacterMap["&or"] = "8744"; /* 8744 : logical or */ -entityToCharacterMap["&cap"] = "8745"; /* 8745 : intersection */ -entityToCharacterMap["&cup"] = "8746"; /* 8746 : union */ -entityToCharacterMap["&int"] = "8747"; /* 8747 : integral */ -entityToCharacterMap["&there4"] = "8756"; /* 8756 : therefore */ -entityToCharacterMap["&sim"] = "8764"; /* 8764 : tilde operator */ -entityToCharacterMap["&cong"] = "8773"; /* 8773 : congruent to */ -entityToCharacterMap["&asymp"] = "8776"; /* 8776 : almost equal to */ -entityToCharacterMap["&ne"] = "8800"; /* 8800 : not equal to */ -entityToCharacterMap["&equiv"] = "8801"; /* 8801 : identical to, equivalent to */ -entityToCharacterMap["&le"] = "8804"; /* 8804 : less-than or equal to */ -entityToCharacterMap["&ge"] = "8805"; /* 8805 : greater-than or equal to */ -entityToCharacterMap["&sub"] = "8834"; /* 8834 : subset of */ -entityToCharacterMap["&sup"] = "8835"; /* 8835 : superset of */ -entityToCharacterMap["&nsub"] = "8836"; /* 8836 : not a subset of */ -entityToCharacterMap["&sube"] = "8838"; /* 8838 : subset of or equal to */ -entityToCharacterMap["&supe"] = "8839"; /* 8839 : superset of or equal to */ -entityToCharacterMap["&oplus"] = "8853"; /* 8853 : circled plus */ -entityToCharacterMap["&otimes"] = "8855"; /* 8855 : circled times */ -entityToCharacterMap["&perp"] = "8869"; /* 8869 : up tack */ -entityToCharacterMap["&sdot"] = "8901"; /* 8901 : dot operator */ -entityToCharacterMap["&lceil"] = "8968"; /* 8968 : left ceiling */ -entityToCharacterMap["&rceil"] = "8969"; /* 8969 : right ceiling */ -entityToCharacterMap["&lfloor"] = "8970"; /* 8970 : left floor */ -entityToCharacterMap["&rfloor"] = "8971"; /* 8971 : right floor */ -entityToCharacterMap["&lang"] = "9001"; /* 9001 : left-pointing angle bracket */ -entityToCharacterMap["&rang"] = "9002"; /* 9002 : right-pointing angle bracket */ -entityToCharacterMap["&loz"] = "9674"; /* 9674 : lozenge */ -entityToCharacterMap["&spades"] = "9824"; /* 9824 : black spade suit */ -entityToCharacterMap["&clubs"] = "9827"; /* 9827 : black club suit */ -entityToCharacterMap["&hearts"] = "9829"; /* 9829 : black heart suit */ -entityToCharacterMap["&diams"] = "9830"; /* 9830 : black diamond suit */ +entityToCharacterMap["""] = "34"; /* 34 : quotation mark */ +entityToCharacterMap["&"] = "38"; /* 38 : ampersand */ +entityToCharacterMap["<"] = "60"; /* 60 : less-than sign */ +entityToCharacterMap[">"] = "62"; /* 62 : greater-than sign */ +entityToCharacterMap[" "] = "160"; /* 160 : no-break space */ +entityToCharacterMap["¡"] = "161"; /* 161 : inverted exclamation mark */ +entityToCharacterMap["¢"] = "162"; /* 162 : cent sign */ +entityToCharacterMap["£"] = "163"; /* 163 : pound sign */ +entityToCharacterMap["¤"] = "164"; /* 164 : currency sign */ +entityToCharacterMap["¥"] = "165"; /* 165 : yen sign */ +entityToCharacterMap["¦"] = "166"; /* 166 : broken bar */ +entityToCharacterMap["§"] = "167"; /* 167 : section sign */ +entityToCharacterMap["¨"] = "168"; /* 168 : diaeresis */ +entityToCharacterMap["©"] = "169"; /* 169 : copyright sign */ +entityToCharacterMap["ª"] = "170"; /* 170 : feminine ordinal indicator */ +entityToCharacterMap["«"] = "171"; /* 171 : left-pointing double angle quotation mark */ +entityToCharacterMap["¬"] = "172"; /* 172 : not sign */ +entityToCharacterMap["­"] = "173"; /* 173 : soft hyphen */ +entityToCharacterMap["®"] = "174"; /* 174 : registered sign */ +entityToCharacterMap["¯"] = "175"; /* 175 : macron */ +entityToCharacterMap["°"] = "176"; /* 176 : degree sign */ +entityToCharacterMap["±"] = "177"; /* 177 : plus-minus sign */ +entityToCharacterMap["²"] = "178"; /* 178 : superscript two */ +entityToCharacterMap["³"] = "179"; /* 179 : superscript three */ +entityToCharacterMap["´"] = "180"; /* 180 : acute accent */ +entityToCharacterMap["µ"] = "181"; /* 181 : micro sign */ +entityToCharacterMap["¶"] = "182"; /* 182 : pilcrow sign */ +entityToCharacterMap["·"] = "183"; /* 183 : middle dot */ +entityToCharacterMap["¸"] = "184"; /* 184 : cedilla */ +entityToCharacterMap["¹"] = "185"; /* 185 : superscript one */ +entityToCharacterMap["º"] = "186"; /* 186 : masculine ordinal indicator */ +entityToCharacterMap["»"] = "187"; /* 187 : right-pointing double angle quotation mark */ +entityToCharacterMap["¼"] = "188"; /* 188 : vulgar fraction one quarter */ +entityToCharacterMap["½"] = "189"; /* 189 : vulgar fraction one half */ +entityToCharacterMap["¾"] = "190"; /* 190 : vulgar fraction three quarters */ +entityToCharacterMap["¿"] = "191"; /* 191 : inverted question mark */ +entityToCharacterMap["À"] = "192"; /* 192 : Latin capital letter a with grave */ +entityToCharacterMap["Á"] = "193"; /* 193 : Latin capital letter a with acute */ +entityToCharacterMap["Â"] = "194"; /* 194 : Latin capital letter a with circumflex */ +entityToCharacterMap["Ã"] = "195"; /* 195 : Latin capital letter a with tilde */ +entityToCharacterMap["Ä"] = "196"; /* 196 : Latin capital letter a with diaeresis */ +entityToCharacterMap["Å"] = "197"; /* 197 : Latin capital letter a with ring above */ +entityToCharacterMap["Æ"] = "198"; /* 198 : Latin capital letter ae */ +entityToCharacterMap["Ç"] = "199"; /* 199 : Latin capital letter c with cedilla */ +entityToCharacterMap["È"] = "200"; /* 200 : Latin capital letter e with grave */ +entityToCharacterMap["É"] = "201"; /* 201 : Latin capital letter e with acute */ +entityToCharacterMap["Ê"] = "202"; /* 202 : Latin capital letter e with circumflex */ +entityToCharacterMap["Ë"] = "203"; /* 203 : Latin capital letter e with diaeresis */ +entityToCharacterMap["Ì"] = "204"; /* 204 : Latin capital letter i with grave */ +entityToCharacterMap["Í"] = "205"; /* 205 : Latin capital letter i with acute */ +entityToCharacterMap["Î"] = "206"; /* 206 : Latin capital letter i with circumflex */ +entityToCharacterMap["Ï"] = "207"; /* 207 : Latin capital letter i with diaeresis */ +entityToCharacterMap["Ð"] = "208"; /* 208 : Latin capital letter eth */ +entityToCharacterMap["Ñ"] = "209"; /* 209 : Latin capital letter n with tilde */ +entityToCharacterMap["Ò"] = "210"; /* 210 : Latin capital letter o with grave */ +entityToCharacterMap["Ó"] = "211"; /* 211 : Latin capital letter o with acute */ +entityToCharacterMap["Ô"] = "212"; /* 212 : Latin capital letter o with circumflex */ +entityToCharacterMap["Õ"] = "213"; /* 213 : Latin capital letter o with tilde */ +entityToCharacterMap["Ö"] = "214"; /* 214 : Latin capital letter o with diaeresis */ +entityToCharacterMap["×"] = "215"; /* 215 : multiplication sign */ +entityToCharacterMap["Ø"] = "216"; /* 216 : Latin capital letter o with stroke */ +entityToCharacterMap["Ù"] = "217"; /* 217 : Latin capital letter u with grave */ +entityToCharacterMap["Ú"] = "218"; /* 218 : Latin capital letter u with acute */ +entityToCharacterMap["Û"] = "219"; /* 219 : Latin capital letter u with circumflex */ +entityToCharacterMap["Ü"] = "220"; /* 220 : Latin capital letter u with diaeresis */ +entityToCharacterMap["Ý"] = "221"; /* 221 : Latin capital letter y with acute */ +entityToCharacterMap["Þ"] = "222"; /* 222 : Latin capital letter thorn */ +entityToCharacterMap["ß"] = "223"; /* 223 : Latin small letter sharp s, German Eszett */ +entityToCharacterMap["à"] = "224"; /* 224 : Latin small letter a with grave */ +entityToCharacterMap["á"] = "225"; /* 225 : Latin small letter a with acute */ +entityToCharacterMap["â"] = "226"; /* 226 : Latin small letter a with circumflex */ +entityToCharacterMap["ã"] = "227"; /* 227 : Latin small letter a with tilde */ +entityToCharacterMap["ä"] = "228"; /* 228 : Latin small letter a with diaeresis */ +entityToCharacterMap["å"] = "229"; /* 229 : Latin small letter a with ring above */ +entityToCharacterMap["æ"] = "230"; /* 230 : Latin lowercase ligature ae */ +entityToCharacterMap["ç"] = "231"; /* 231 : Latin small letter c with cedilla */ +entityToCharacterMap["è"] = "232"; /* 232 : Latin small letter e with grave */ +entityToCharacterMap["é"] = "233"; /* 233 : Latin small letter e with acute */ +entityToCharacterMap["ê"] = "234"; /* 234 : Latin small letter e with circumflex */ +entityToCharacterMap["ë"] = "235"; /* 235 : Latin small letter e with diaeresis */ +entityToCharacterMap["ì"] = "236"; /* 236 : Latin small letter i with grave */ +entityToCharacterMap["í"] = "237"; /* 237 : Latin small letter i with acute */ +entityToCharacterMap["î"] = "238"; /* 238 : Latin small letter i with circumflex */ +entityToCharacterMap["ï"] = "239"; /* 239 : Latin small letter i with diaeresis */ +entityToCharacterMap["ð"] = "240"; /* 240 : Latin small letter eth */ +entityToCharacterMap["ñ"] = "241"; /* 241 : Latin small letter n with tilde */ +entityToCharacterMap["ò"] = "242"; /* 242 : Latin small letter o with grave */ +entityToCharacterMap["ó"] = "243"; /* 243 : Latin small letter o with acute */ +entityToCharacterMap["ô"] = "244"; /* 244 : Latin small letter o with circumflex */ +entityToCharacterMap["õ"] = "245"; /* 245 : Latin small letter o with tilde */ +entityToCharacterMap["ö"] = "246"; /* 246 : Latin small letter o with diaeresis */ +entityToCharacterMap["÷"] = "247"; /* 247 : division sign */ +entityToCharacterMap["ø"] = "248"; /* 248 : Latin small letter o with stroke */ +entityToCharacterMap["ù"] = "249"; /* 249 : Latin small letter u with grave */ +entityToCharacterMap["ú"] = "250"; /* 250 : Latin small letter u with acute */ +entityToCharacterMap["û"] = "251"; /* 251 : Latin small letter u with circumflex */ +entityToCharacterMap["ü"] = "252"; /* 252 : Latin small letter u with diaeresis */ +entityToCharacterMap["ý"] = "253"; /* 253 : Latin small letter y with acute */ +entityToCharacterMap["þ"] = "254"; /* 254 : Latin small letter thorn */ +entityToCharacterMap["ÿ"] = "255"; /* 255 : Latin small letter y with diaeresis */ +entityToCharacterMap["&OElig"] = "338"; /* 338 : Latin capital ligature oe */ +entityToCharacterMap["&oelig"] = "339"; /* 339 : Latin small ligature oe */ +entityToCharacterMap["&Scaron"] = "352"; /* 352 : Latin capital letter s with caron */ +entityToCharacterMap["&scaron"] = "353"; /* 353 : Latin small letter s with caron */ +entityToCharacterMap["&Yuml"] = "376"; /* 376 : Latin capital letter y with diaeresis */ +entityToCharacterMap["&fnof"] = "402"; /* 402 : Latin small letter f with hook */ +entityToCharacterMap["&circ"] = "710"; /* 710 : modifier letter circumflex accent */ +entityToCharacterMap["&tilde"] = "732"; /* 732 : small tilde */ +entityToCharacterMap["&Alpha"] = "913"; /* 913 : Greek capital letter alpha */ +entityToCharacterMap["&Beta"] = "914"; /* 914 : Greek capital letter beta */ +entityToCharacterMap["&Gamma"] = "915"; /* 915 : Greek capital letter gamma */ +entityToCharacterMap["&Delta"] = "916"; /* 916 : Greek capital letter delta */ +entityToCharacterMap["&Epsilon"] = "917"; /* 917 : Greek capital letter epsilon */ +entityToCharacterMap["&Zeta"] = "918"; /* 918 : Greek capital letter zeta */ +entityToCharacterMap["&Eta"] = "919"; /* 919 : Greek capital letter eta */ +entityToCharacterMap["&Theta"] = "920"; /* 920 : Greek capital letter theta */ +entityToCharacterMap["&Iota"] = "921"; /* 921 : Greek capital letter iota */ +entityToCharacterMap["&Kappa"] = "922"; /* 922 : Greek capital letter kappa */ +entityToCharacterMap["&Lambda"] = "923"; /* 923 : Greek capital letter lambda */ +entityToCharacterMap["&Mu"] = "924"; /* 924 : Greek capital letter mu */ +entityToCharacterMap["&Nu"] = "925"; /* 925 : Greek capital letter nu */ +entityToCharacterMap["&Xi"] = "926"; /* 926 : Greek capital letter xi */ +entityToCharacterMap["&Omicron"] = "927"; /* 927 : Greek capital letter omicron */ +entityToCharacterMap["&Pi"] = "928"; /* 928 : Greek capital letter pi */ +entityToCharacterMap["&Rho"] = "929"; /* 929 : Greek capital letter rho */ +entityToCharacterMap["&Sigma"] = "931"; /* 931 : Greek capital letter sigma */ +entityToCharacterMap["&Tau"] = "932"; /* 932 : Greek capital letter tau */ +entityToCharacterMap["&Upsilon"] = "933"; /* 933 : Greek capital letter upsilon */ +entityToCharacterMap["&Phi"] = "934"; /* 934 : Greek capital letter phi */ +entityToCharacterMap["&Chi"] = "935"; /* 935 : Greek capital letter chi */ +entityToCharacterMap["&Psi"] = "936"; /* 936 : Greek capital letter psi */ +entityToCharacterMap["&Omega"] = "937"; /* 937 : Greek capital letter omega */ +entityToCharacterMap["&alpha"] = "945"; /* 945 : Greek small letter alpha */ +entityToCharacterMap["&beta"] = "946"; /* 946 : Greek small letter beta */ +entityToCharacterMap["&gamma"] = "947"; /* 947 : Greek small letter gamma */ +entityToCharacterMap["&delta"] = "948"; /* 948 : Greek small letter delta */ +entityToCharacterMap["&epsilon"] = "949"; /* 949 : Greek small letter epsilon */ +entityToCharacterMap["&zeta"] = "950"; /* 950 : Greek small letter zeta */ +entityToCharacterMap["&eta"] = "951"; /* 951 : Greek small letter eta */ +entityToCharacterMap["&theta"] = "952"; /* 952 : Greek small letter theta */ +entityToCharacterMap["&iota"] = "953"; /* 953 : Greek small letter iota */ +entityToCharacterMap["&kappa"] = "954"; /* 954 : Greek small letter kappa */ +entityToCharacterMap["&lambda"] = "955"; /* 955 : Greek small letter lambda */ +entityToCharacterMap["&mu"] = "956"; /* 956 : Greek small letter mu */ +entityToCharacterMap["&nu"] = "957"; /* 957 : Greek small letter nu */ +entityToCharacterMap["&xi"] = "958"; /* 958 : Greek small letter xi */ +entityToCharacterMap["&omicron"] = "959"; /* 959 : Greek small letter omicron */ +entityToCharacterMap["&pi"] = "960"; /* 960 : Greek small letter pi */ +entityToCharacterMap["&rho"] = "961"; /* 961 : Greek small letter rho */ +entityToCharacterMap["&sigmaf"] = "962"; /* 962 : Greek small letter final sigma */ +entityToCharacterMap["&sigma"] = "963"; /* 963 : Greek small letter sigma */ +entityToCharacterMap["&tau"] = "964"; /* 964 : Greek small letter tau */ +entityToCharacterMap["&upsilon"] = "965"; /* 965 : Greek small letter upsilon */ +entityToCharacterMap["&phi"] = "966"; /* 966 : Greek small letter phi */ +entityToCharacterMap["&chi"] = "967"; /* 967 : Greek small letter chi */ +entityToCharacterMap["&psi"] = "968"; /* 968 : Greek small letter psi */ +entityToCharacterMap["&omega"] = "969"; /* 969 : Greek small letter omega */ +entityToCharacterMap["&thetasym"] = "977"; /* 977 : Greek theta symbol */ +entityToCharacterMap["&upsih"] = "978"; /* 978 : Greek upsilon with hook symbol */ +entityToCharacterMap["&piv"] = "982"; /* 982 : Greek pi symbol */ +entityToCharacterMap["&ensp"] = "8194"; /* 8194 : en space */ +entityToCharacterMap["&emsp"] = "8195"; /* 8195 : em space */ +entityToCharacterMap["&thinsp"] = "8201"; /* 8201 : thin space */ +entityToCharacterMap["&zwnj"] = "8204"; /* 8204 : zero width non-joiner */ +entityToCharacterMap["&zwj"] = "8205"; /* 8205 : zero width joiner */ +entityToCharacterMap["&lrm"] = "8206"; /* 8206 : left-to-right mark */ +entityToCharacterMap["&rlm"] = "8207"; /* 8207 : right-to-left mark */ +entityToCharacterMap["&ndash"] = "8211"; /* 8211 : en dash */ +entityToCharacterMap["&mdash"] = "8212"; /* 8212 : em dash */ +entityToCharacterMap["&lsquo"] = "8216"; /* 8216 : left single quotation mark */ +entityToCharacterMap["&rsquo"] = "8217"; /* 8217 : right single quotation mark */ +entityToCharacterMap["&sbquo"] = "8218"; /* 8218 : single low-9 quotation mark */ +entityToCharacterMap["&ldquo"] = "8220"; /* 8220 : left double quotation mark */ +entityToCharacterMap["&rdquo"] = "8221"; /* 8221 : right double quotation mark */ +entityToCharacterMap["&bdquo"] = "8222"; /* 8222 : double low-9 quotation mark */ +entityToCharacterMap["&dagger"] = "8224"; /* 8224 : dagger */ +entityToCharacterMap["&Dagger"] = "8225"; /* 8225 : double dagger */ +entityToCharacterMap["&bull"] = "8226"; /* 8226 : bullet */ +entityToCharacterMap["&hellip"] = "8230"; /* 8230 : horizontal ellipsis */ +entityToCharacterMap["&permil"] = "8240"; /* 8240 : per mille sign */ +entityToCharacterMap["&prime"] = "8242"; /* 8242 : prime */ +entityToCharacterMap["&Prime"] = "8243"; /* 8243 : double prime */ +entityToCharacterMap["&lsaquo"] = "8249"; /* 8249 : single left-pointing angle quotation mark */ +entityToCharacterMap["&rsaquo"] = "8250"; /* 8250 : single right-pointing angle quotation mark */ +entityToCharacterMap["&oline"] = "8254"; /* 8254 : overline */ +entityToCharacterMap["&frasl"] = "8260"; /* 8260 : fraction slash */ +entityToCharacterMap["&euro"] = "8364"; /* 8364 : euro sign */ +entityToCharacterMap["&image"] = "8365"; /* 8465 : black-letter capital i */ +entityToCharacterMap["&weierp"] = "8472"; /* 8472 : script capital p, Weierstrass p */ +entityToCharacterMap["&real"] = "8476"; /* 8476 : black-letter capital r */ +entityToCharacterMap["&trade"] = "8482"; /* 8482 : trademark sign */ +entityToCharacterMap["&alefsym"] = "8501"; /* 8501 : alef symbol */ +entityToCharacterMap["&larr"] = "8592"; /* 8592 : leftwards arrow */ +entityToCharacterMap["&uarr"] = "8593"; /* 8593 : upwards arrow */ +entityToCharacterMap["&rarr"] = "8594"; /* 8594 : rightwards arrow */ +entityToCharacterMap["&darr"] = "8595"; /* 8595 : downwards arrow */ +entityToCharacterMap["&harr"] = "8596"; /* 8596 : left right arrow */ +entityToCharacterMap["&crarr"] = "8629"; /* 8629 : downwards arrow with corner leftwards */ +entityToCharacterMap["&lArr"] = "8656"; /* 8656 : leftwards double arrow */ +entityToCharacterMap["&uArr"] = "8657"; /* 8657 : upwards double arrow */ +entityToCharacterMap["&rArr"] = "8658"; /* 8658 : rightwards double arrow */ +entityToCharacterMap["&dArr"] = "8659"; /* 8659 : downwards double arrow */ +entityToCharacterMap["&hArr"] = "8660"; /* 8660 : left right double arrow */ +entityToCharacterMap["&forall"] = "8704"; /* 8704 : for all */ +entityToCharacterMap["&part"] = "8706"; /* 8706 : partial differential */ +entityToCharacterMap["&exist"] = "8707"; /* 8707 : there exists */ +entityToCharacterMap["&empty"] = "8709"; /* 8709 : empty set */ +entityToCharacterMap["&nabla"] = "8711"; /* 8711 : nabla */ +entityToCharacterMap["&isin"] = "8712"; /* 8712 : element of */ +entityToCharacterMap["¬in"] = "8713"; /* 8713 : not an element of */ +entityToCharacterMap["&ni"] = "8715"; /* 8715 : contains as member */ +entityToCharacterMap["&prod"] = "8719"; /* 8719 : n-ary product */ +entityToCharacterMap["&sum"] = "8721"; /* 8721 : n-ary summation */ +entityToCharacterMap["&minus"] = "8722"; /* 8722 : minus sign */ +entityToCharacterMap["&lowast"] = "8727"; /* 8727 : asterisk operator */ +entityToCharacterMap["&radic"] = "8730"; /* 8730 : square root */ +entityToCharacterMap["&prop"] = "8733"; /* 8733 : proportional to */ +entityToCharacterMap["&infin"] = "8734"; /* 8734 : infinity */ +entityToCharacterMap["&ang"] = "8736"; /* 8736 : angle */ +entityToCharacterMap["&and"] = "8743"; /* 8743 : logical and */ +entityToCharacterMap["&or"] = "8744"; /* 8744 : logical or */ +entityToCharacterMap["&cap"] = "8745"; /* 8745 : intersection */ +entityToCharacterMap["&cup"] = "8746"; /* 8746 : union */ +entityToCharacterMap["&int"] = "8747"; /* 8747 : integral */ +entityToCharacterMap["&there4"] = "8756"; /* 8756 : therefore */ +entityToCharacterMap["&sim"] = "8764"; /* 8764 : tilde operator */ +entityToCharacterMap["&cong"] = "8773"; /* 8773 : congruent to */ +entityToCharacterMap["&asymp"] = "8776"; /* 8776 : almost equal to */ +entityToCharacterMap["&ne"] = "8800"; /* 8800 : not equal to */ +entityToCharacterMap["&equiv"] = "8801"; /* 8801 : identical to, equivalent to */ +entityToCharacterMap["&le"] = "8804"; /* 8804 : less-than or equal to */ +entityToCharacterMap["&ge"] = "8805"; /* 8805 : greater-than or equal to */ +entityToCharacterMap["&sub"] = "8834"; /* 8834 : subset of */ +entityToCharacterMap["&sup"] = "8835"; /* 8835 : superset of */ +entityToCharacterMap["&nsub"] = "8836"; /* 8836 : not a subset of */ +entityToCharacterMap["&sube"] = "8838"; /* 8838 : subset of or equal to */ +entityToCharacterMap["&supe"] = "8839"; /* 8839 : superset of or equal to */ +entityToCharacterMap["&oplus"] = "8853"; /* 8853 : circled plus */ +entityToCharacterMap["&otimes"] = "8855"; /* 8855 : circled times */ +entityToCharacterMap["&perp"] = "8869"; /* 8869 : up tack */ +entityToCharacterMap["&sdot"] = "8901"; /* 8901 : dot operator */ +entityToCharacterMap["&lceil"] = "8968"; /* 8968 : left ceiling */ +entityToCharacterMap["&rceil"] = "8969"; /* 8969 : right ceiling */ +entityToCharacterMap["&lfloor"] = "8970"; /* 8970 : left floor */ +entityToCharacterMap["&rfloor"] = "8971"; /* 8971 : right floor */ +entityToCharacterMap["&lang"] = "9001"; /* 9001 : left-pointing angle bracket */ +entityToCharacterMap["&rang"] = "9002"; /* 9002 : right-pointing angle bracket */ +entityToCharacterMap["&loz"] = "9674"; /* 9674 : lozenge */ +entityToCharacterMap["&spades"] = "9824"; /* 9824 : black spade suit */ +entityToCharacterMap["&clubs"] = "9827"; /* 9827 : black club suit */ +entityToCharacterMap["&hearts"] = "9829"; /* 9829 : black heart suit */ +entityToCharacterMap["&diams"] = "9830"; /* 9830 : black diamond suit */ var characterToEntityMap = []; -for ( var entity in entityToCharacterMap ) { - characterToEntityMap[entityToCharacterMap[entity]] = entity; +for (var entity in entityToCharacterMap) { + characterToEntityMap[entityToCharacterMap[entity]] = entity; } $namespace('org.owasp.esapi.codecs'); -org.owasp.esapi.codecs.HTMLEntityCodec = function() { - var _super = new org.owasp.esapi.codecs.Codec(); - - var getNumericEntity = function(input) { - var first = input.peek(); - if (first == null) { - return null; - } - - if (first == 'x' || first == 'X') { - input.next(); - return parseHex(input); - } - return parseNumber(input); - }; - - var parseNumber = function(input) { - var out = ''; - while (input.hasNext()) { - var c = input.peek(); - if (c.match(/[0-9]/)) { - out += c; - input.next(); - } else if (c == ';') { - input.next(); - break; - } else { - break; - } - } - - try { - return parseInt(out); - } catch (e) { - return null; - } - }; - - var parseHex = function(input) { - var out = ''; - while (input.hasNext()) { - var c = input.peek(); - if (c.match(/[0-9A-Fa-f]/)) { - out += c; - input.next(); - } else if (c == ';') { - input.next(); - break; - } else { - break; - } - } - try { - return parseInt(out, 16); - } catch (e) { - return null; - } - }; - - var getNamedEntity = function(input) { - var entity = ''; - while (input.hasNext()) { - var c = input.peek(); - if (c.match(/[A-Za-z]/)) { - entity += c; - input.next(); - if (entityToCharacterMap.containsKey('&' + entity)) { - if (input.peek(';')) input.next(); - break; - } - } else if (c == ';') { - input.next(); - } else { - break; - } - } - - return String.fromCharCode(entityToCharacterMap.getCaseInsensitive('&' + entity)); - }; - - return { - encode: _super.encode, - - decode: _super.decode, - - encodeCharacter: function(aImmune, c) { - if (aImmune.contains(c)) { - return c; - } - - var hex = org.owasp.esapi.codecs.Codec.getHexForNonAlphanumeric(c); - if (hex == null) { - return c; - } - - var cc = c.charCodeAt(0); - if (( cc <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( cc >= 0x7f && cc <= 0x9f ) || c == ' ') { - return " "; - } - - var entityName = characterToEntityMap[cc]; - if (entityName != null) { - return entityName + ";"; - } - - return "&#x" + hex + ";"; - }, - - decodeCharacter: function(oPushbackString) { - //noinspection UnnecessaryLocalVariableJS - var input = oPushbackString; - input.mark(); - var first = input.next(); - if (first == null || first != '&') { - input.reset(); - return null; - } - - var second = input.next(); - if (second == null) { - input.reset(); - return null; - } - - if (second == '#') { - var c = getNumericEntity(input); - if (c != null) { - return c; - } - } else if (second.match(/[A-Za-z]/)) { - input.pushback(second); - c = getNamedEntity(input); - if (c != null) { - return c; - } - } - input.reset(); - return null; - } - }; +org.owasp.esapi.codecs.HTMLEntityCodec = function () { + var _super = new org.owasp.esapi.codecs.Codec(); + + var getNumericEntity = function (input) { + var first = input.peek(); + if (first == null) { + return null; + } + + if (first == 'x' || first == 'X') { + input.next(); + return parseHex(input); + } + return parseNumber(input); + }; + + var parseNumber = function (input) { + var out = ''; + while (input.hasNext()) { + var c = input.peek(); + if (c.match(/[0-9]/)) { + out += c; + input.next(); + } else if (c == ';') { + input.next(); + break; + } else { + break; + } + } + + try { + return parseInt(out); + } catch (e) { + return null; + } + }; + + var parseHex = function (input) { + var out = ''; + while (input.hasNext()) { + var c = input.peek(); + if (c.match(/[0-9A-Fa-f]/)) { + out += c; + input.next(); + } else if (c == ';') { + input.next(); + break; + } else { + break; + } + } + try { + return parseInt(out, 16); + } catch (e) { + return null; + } + }; + + var getNamedEntity = function (input) { + var entity = ''; + while (input.hasNext()) { + var c = input.peek(); + if (c.match(/[A-Za-z]/)) { + entity += c; + input.next(); + if (entityToCharacterMap.containsKey('&' + entity)) { + if (input.peek(';')) + input.next(); + break; + } + } else if (c == ';') { + input.next(); + } else { + break; + } + } + + return String.fromCharCode(entityToCharacterMap.getCaseInsensitive('&' + entity)); + }; + + return { + encode: _super.encode, + decode: _super.decode, + encodeCharacter: function (aImmune, c) { + if (aImmune.contains(c)) { + return c; + } + + var hex = org.owasp.esapi.codecs.Codec.getHexForNonAlphanumeric(c); + if (hex == null) { + return c; + } + + var cc = c.charCodeAt(0); + if ((cc <= 0x1f && c != '\t' && c != '\n' && c != '\r') || (cc >= 0x7f && cc <= 0x9f) || c == ' ') { + return " "; + } + + var entityName = characterToEntityMap[cc]; + if (entityName != null) { + return entityName + ";"; + } + + return "&#x" + hex + ";"; + }, + decodeCharacter: function (oPushbackString) { + //noinspection UnnecessaryLocalVariableJS + var input = oPushbackString; + input.mark(); + var first = input.next(); + if (first == null || first != '&') { + input.reset(); + return null; + } + + var second = input.next(); + if (second == null) { + input.reset(); + return null; + } + + if (second == '#') { + var c = getNumericEntity(input); + if (c != null) { + return c; + } + } else if (second.match(/[A-Za-z]/)) { + input.pushback(second); + c = getNamedEntity(input); + if (c != null) { + return c; + } + } + input.reset(); + return null; + } + }; }; $namespace('org.owasp.esapi.codecs'); -org.owasp.esapi.codecs.JavascriptCodec = function() { - var _super = new org.owasp.esapi.codecs.Codec(); - - return { - encode: function(aImmune, sInput) { - var out = ''; - for (var idx = 0; idx < sInput.length; idx ++) { - var ch = sInput.charAt(idx); - if (aImmune.contains(ch)) { - out += ch; - } - else { - var hex = org.owasp.esapi.codecs.Codec.getHexForNonAlphanumeric(ch); - if (hex == null) { - out += ch; - } - else { - var tmp = ch.charCodeAt(0).toString(16); - if (ch.charCodeAt(0) < 256) { - var pad = "00".substr(tmp.length); - out += "\\x" + pad + tmp.toUpperCase(); - } - else { - pad = "0000".substr(tmp.length); - out += "\\u" + pad + tmp.toUpperCase(); - } - } - } - } - return out; - }, - - decode: _super.decode, - - decodeCharacter: function(oPushbackString) { - oPushbackString.mark(); - var first = oPushbackString.next(); - if (first == null) { - oPushbackString.reset(); - return null; - } - - if (first != '\\') { - oPushbackString.reset(); - return null; - } - - var second = oPushbackString.next(); - if (second == null) { - oPushbackString.reset(); - return null; - } - - // \0 collides with the octal decoder and is non-standard - // if ( second.charValue() == '0' ) { - // return Character.valueOf( (char)0x00 ); - if (second == 'b') { - return 0x08; - } else if (second == 't') { - return 0x09; - } else if (second == 'n') { - return 0x0a; - } else if (second == 'v') { - return 0x0b; - } else if (second == 'f') { - return 0x0c; - } else if (second == 'r') { - return 0x0d; - } else if (second == '\"') { - return 0x22; - } else if (second == '\'') { - return 0x27; - } else if (second == '\\') { - return 0x5c; - } else if (second.toLowerCase() == 'x') { - out = ''; - for (var i = 0; i < 2; i++) { - var c = oPushbackString.nextHex(); - if (c != null) { - out += c; - } else { - input.reset(); - return null; - } - } - try { - n = parseInt(out, 16); - return String.fromCharCode(n); - } catch (e) { - oPushbackString.reset(); - return null; - } - } else if (second.toLowerCase() == 'u') { - out = ''; - for (i = 0; i < 4; i++) { - c = oPushbackString.nextHex(); - if (c != null) { - out += c; - } else { - input.reset(); - return null; - } - } - try { - var n = parseInt(out, 16); - return String.fromCharCode(n); - } catch (e) { - oPushbackString.reset(); - return null; - } - } else if (oPushbackString.isOctalDigit(second)) { - var out = second; - var c2 = oPushbackString.next(); - if (!oPushbackString.isOctalDigit(c2)) { - oPushbackString.pushback(c2); - } else { - out += c2; - var c3 = oPushbackString.next(); - if (!oPushbackString.isOctalDigit(c3)) { - oPushbackString.pushback(c3); - } else { - out += c3; - } - } - - try { - n = parseInt(out, 8); - return String.fromCharCode(n); - } catch (e) { - oPushbackString.reset(); - return null; - } - } - return second; - } - }; +org.owasp.esapi.codecs.JavascriptCodec = function () { + var _super = new org.owasp.esapi.codecs.Codec(); + + return { + encode: function (aImmune, sInput) { + var out = ''; + for (var idx = 0; idx < sInput.length; idx++) { + var ch = sInput.charAt(idx); + if (aImmune.contains(ch)) { + out += ch; + } + else { + var hex = org.owasp.esapi.codecs.Codec.getHexForNonAlphanumeric(ch); + if (hex == null) { + out += ch; + } + else { + var tmp = ch.charCodeAt(0).toString(16); + if (ch.charCodeAt(0) < 256) { + var pad = "00".substr(tmp.length); + out += "\\x" + pad + tmp.toUpperCase(); + } + else { + pad = "0000".substr(tmp.length); + out += "\\u" + pad + tmp.toUpperCase(); + } + } + } + } + return out; + }, + decode: _super.decode, + decodeCharacter: function (oPushbackString) { + oPushbackString.mark(); + var first = oPushbackString.next(); + if (first == null) { + oPushbackString.reset(); + return null; + } + + if (first != '\\') { + oPushbackString.reset(); + return null; + } + + var second = oPushbackString.next(); + if (second == null) { + oPushbackString.reset(); + return null; + } + + // \0 collides with the octal decoder and is non-standard + // if ( second.charValue() == '0' ) { + // return Character.valueOf( (char)0x00 ); + if (second == 'b') { + return 0x08; + } else if (second == 't') { + return 0x09; + } else if (second == 'n') { + return 0x0a; + } else if (second == 'v') { + return 0x0b; + } else if (second == 'f') { + return 0x0c; + } else if (second == 'r') { + return 0x0d; + } else if (second == '\"') { + return 0x22; + } else if (second == '\'') { + return 0x27; + } else if (second == '\\') { + return 0x5c; + } else if (second.toLowerCase() == 'x') { + out = ''; + for (var i = 0; i < 2; i++) { + var c = oPushbackString.nextHex(); + if (c != null) { + out += c; + } else { + input.reset(); + return null; + } + } + try { + n = parseInt(out, 16); + return String.fromCharCode(n); + } catch (e) { + oPushbackString.reset(); + return null; + } + } else if (second.toLowerCase() == 'u') { + out = ''; + for (i = 0; i < 4; i++) { + c = oPushbackString.nextHex(); + if (c != null) { + out += c; + } else { + input.reset(); + return null; + } + } + try { + var n = parseInt(out, 16); + return String.fromCharCode(n); + } catch (e) { + oPushbackString.reset(); + return null; + } + } else if (oPushbackString.isOctalDigit(second)) { + var out = second; + var c2 = oPushbackString.next(); + if (!oPushbackString.isOctalDigit(c2)) { + oPushbackString.pushback(c2); + } else { + out += c2; + var c3 = oPushbackString.next(); + if (!oPushbackString.isOctalDigit(c3)) { + oPushbackString.pushback(c3); + } else { + out += c3; + } + } + + try { + n = parseInt(out, 8); + return String.fromCharCode(n); + } catch (e) { + oPushbackString.reset(); + return null; + } + } + return second; + } + }; }; $namespace('org.owasp.esapi.codecs'); -org.owasp.esapi.codecs.PercentCodec = function() { - var _super = new org.owasp.esapi.codecs.Codec(); - - var ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - var RFC_NON_ALPHANUMERIC_UNRESERVED_STR = "-._~"; - var ENCODED_NON_ALPHA_NUMERIC_UNRESERVED = true; - var UNENCODED_STR = ALPHA_NUMERIC_STR + (ENCODED_NON_ALPHA_NUMERIC_UNRESERVED ? "" : RFC_NON_ALPHANUMERIC_UNRESERVED_STR); - - var getTwoUpperBytes = function(b) { - var out = ''; - if (b < -128 || b > 127) { - throw new IllegalArgumentException("b is not a byte (was " + b + ")"); - } - b &= 0xFF; - if (b < 0x10) { - out += '0'; - } - return out + b.toString(16).toUpperCase(); - }; - - return { - encode: _super.encode, - - decode: _super.decode, - - encodeCharacter: function(aImmune, c) { - if (UNENCODED_STR.indexOf(c) > -1) { - return c; - } - - var bytes = org.owasp.esapi.codecs.UTF8.encode(c); - var out = ''; - for (var b = 0; b < bytes.length; b++) { - out += '%' + getTwoUpperBytes(bytes.charCodeAt(b)); - } - return out; - }, - - decodeCharacter: function(oPushbackString) { - oPushbackString.mark(); - var first = oPushbackString.next(); - if (first == null || first != '%') { - oPushbackString.reset(); - return null; - } - - var out = ''; - for (var i = 0; i < 2; i++) { - var c = oPushbackString.nextHex(); - if (c != null) { - out += c; - } - } - if (out.length == 2) { - try { - var n = parseInt(out, 16); - return String.fromCharCode(n); - } catch (e) { - } - } - oPushbackString.reset(); - return null; - } - }; +org.owasp.esapi.codecs.PercentCodec = function () { + var _super = new org.owasp.esapi.codecs.Codec(); + + var ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + var RFC_NON_ALPHANUMERIC_UNRESERVED_STR = "-._~"; + var ENCODED_NON_ALPHA_NUMERIC_UNRESERVED = true; + var UNENCODED_STR = ALPHA_NUMERIC_STR + (ENCODED_NON_ALPHA_NUMERIC_UNRESERVED ? "" : RFC_NON_ALPHANUMERIC_UNRESERVED_STR); + + var getTwoUpperBytes = function (b) { + var out = ''; + if (b < -128 || b > 127) { + throw new IllegalArgumentException("b is not a byte (was " + b + ")"); + } + b &= 0xFF; + if (b < 0x10) { + out += '0'; + } + return out + b.toString(16).toUpperCase(); + }; + + return { + encode: _super.encode, + decode: _super.decode, + encodeCharacter: function (aImmune, c) { + if (UNENCODED_STR.indexOf(c) > -1) { + return c; + } + + var bytes = org.owasp.esapi.codecs.UTF8.encode(c); + var out = ''; + for (var b = 0; b < bytes.length; b++) { + out += '%' + getTwoUpperBytes(bytes.charCodeAt(b)); + } + return out; + }, + decodeCharacter: function (oPushbackString) { + oPushbackString.mark(); + var first = oPushbackString.next(); + if (first == null || first != '%') { + oPushbackString.reset(); + return null; + } + + var out = ''; + for (var i = 0; i < 2; i++) { + var c = oPushbackString.nextHex(); + if (c != null) { + out += c; + } + } + if (out.length == 2) { + try { + var n = parseInt(out, 16); + return String.fromCharCode(n); + } catch (e) { + } + } + oPushbackString.reset(); + return null; + } + }; }; $namespace('org.owasp.esapi.codecs'); -org.owasp.esapi.codecs.PushbackString = function(sInput) { - var _input = sInput, - _pushback = '', - _temp = '', - _index = 0, - _mark = 0; - - return { - pushback: function(c) { - _pushback = c; - }, - - index: function() { - return _index; - }, - - hasNext: function() { - if (_pushback != null) return true; - return !(_input == null || _input.length == 0 || _index >= _input.length); - - }, - - next: function() { - if (_pushback != null) { - var save = _pushback; - _pushback = null; - return save; - } - if (_input == null || _input.length == 0 || _index >= _input.length) { - return null; - } - return _input.charAt(_index++); - }, - - nextHex: function() { - var c = this.next(); - if (this.isHexDigit(c)) return c; - return null; - }, - - nextOctal: function() { - var c = this.next(); - if (this.isOctalDigit(c)) return c; - return null; - }, - - isHexDigit: function(c) { - return c != null && ( ( c >= '0' && c <= '9' ) || ( c >= 'a' && c <= 'f' ) || ( c >= 'A' && c <= 'F' ) ); - }, - - isOctalDigit: function(c) { - return c != null && ( c >= '0' && c <= '7' ); - }, - - peek: function(c) { - if (!c) { - if (_pushback != null) return _pushback; - if (_input == null || _input.length == 0 || _index >= _input.length) return null; - return _input.charAt(_index); - } else { - if (_pushback != null && _pushback == c) return true; - if (_input == null || _input.length == 0 || _index >= _input.length) return false; - return _input.charAt(_index) == c; - } - }, - - mark: function() { - _temp = _pushback; - _mark = _index; - }, - - reset: function() { - _pushback = _temp; - _index = _mark; - }, - - remainder: function() { - var out = _input.substr(_index); - if (_pushback != null) { - out = _pushback + out; - } - return out; - } - }; +org.owasp.esapi.codecs.PushbackString = function (sInput) { + var _input = sInput, + _pushback = '', + _temp = '', + _index = 0, + _mark = 0; + + return { + pushback: function (c) { + _pushback = c; + }, + index: function () { + return _index; + }, + hasNext: function () { + if (_pushback != null) + return true; + return !(_input == null || _input.length == 0 || _index >= _input.length); + + }, + next: function () { + if (_pushback != null) { + var save = _pushback; + _pushback = null; + return save; + } + if (_input == null || _input.length == 0 || _index >= _input.length) { + return null; + } + return _input.charAt(_index++); + }, + nextHex: function () { + var c = this.next(); + if (this.isHexDigit(c)) + return c; + return null; + }, + nextOctal: function () { + var c = this.next(); + if (this.isOctalDigit(c)) + return c; + return null; + }, + isHexDigit: function (c) { + return c != null && ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')); + }, + isOctalDigit: function (c) { + return c != null && (c >= '0' && c <= '7'); + }, + peek: function (c) { + if (!c) { + if (_pushback != null) + return _pushback; + if (_input == null || _input.length == 0 || _index >= _input.length) + return null; + return _input.charAt(_index); + } else { + if (_pushback != null && _pushback == c) + return true; + if (_input == null || _input.length == 0 || _index >= _input.length) + return false; + return _input.charAt(_index) == c; + } + }, + mark: function () { + _temp = _pushback; + _mark = _index; + }, + reset: function () { + _pushback = _temp; + _index = _mark; + }, + remainder: function () { + var out = _input.substr(_index); + if (_pushback != null) { + out = _pushback + out; + } + return out; + } + }; }; $namespace('org.owasp.esapi.codecs'); org.owasp.esapi.codecs.UTF8 = { - encode: function(sInput) { - var input = sInput.replace(/\r\n/g, "\n"); - var utftext = ''; - - for (var n = 0; n < input.length; n ++) { - var c = input.charCodeAt(n); - - if (c < 128) { - utftext += String.fromCharCode(c); - } - else if (( c > 127) && (c < 2048)) { - utftext += String.fromCharCode((c >> 6) | 192); - utftext += String.fromCharCode((c & 63) | 128); - } - else { - utftext += String.fromCharCode((c >> 12) | 224); - utftext += String.fromCharCode(((c >> 6) & 63) | 128); - utftext += String.fromCharCode((c & 63) | 128); - } - } - - return utftext; - } - , - - decode: function(sInput) { - var out = ''; - var i = c = c1 = c2 = 0; - - while (i < sInput.length) { - c = sInput.charCodeAt(i); - - if (c < 128) { - out += String.fromCharCode(c); - i ++; - } - else if ((c > 191) && (c < 224)) { - c2 = sInput.charCodeAt(i + 1); - out += String.fromCharCode(((c & 31) << 6) | (c2 & 63)); - i += 2; - } - else { - c2 = utftext.charCodeAt(i + 1); - c3 = utftext.charCodeAt(i + 2); - string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63)); - i += 3; - } - } - - return out; - } + encode: function (sInput) { + var input = sInput.replace(/\r\n/g, "\n"); + var utftext = ''; + + for (var n = 0; n < input.length; n++) { + var c = input.charCodeAt(n); + + if (c < 128) { + utftext += String.fromCharCode(c); + } + else if ((c > 127) && (c < 2048)) { + utftext += String.fromCharCode((c >> 6) | 192); + utftext += String.fromCharCode((c & 63) | 128); + } + else { + utftext += String.fromCharCode((c >> 12) | 224); + utftext += String.fromCharCode(((c >> 6) & 63) | 128); + utftext += String.fromCharCode((c & 63) | 128); + } + } + + return utftext; + } + , + decode: function (sInput) { + var out = ''; + var i = c = c1 = c2 = 0; + + while (i < sInput.length) { + c = sInput.charCodeAt(i); + + if (c < 128) { + out += String.fromCharCode(c); + i++; + } + else if ((c > 191) && (c < 224)) { + c2 = sInput.charCodeAt(i + 1); + out += String.fromCharCode(((c & 31) << 6) | (c2 & 63)); + i += 2; + } + else { + c2 = utftext.charCodeAt(i + 1); + c3 = utftext.charCodeAt(i + 2); + string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63)); + i += 3; + } + } + + return out; + } }; $namespace('org.owasp.esapi.i18n'); -org.owasp.esapi.i18n.ArrayResourceBundle = function( sName, oLocale, aMessages, oParent ) { - with(org.owasp.esapi.i18n) var _super = new ResourceBundle( sName, oLocale, oParent ); - - var messages = aMessages; - - return { - getParent: _super.getParent, - getLocale: _super.getLocale, - getName: _super.getName, - getString: _super.getString, - getMessage: function(sKey) { - return messages[sKey]; - } - }; +org.owasp.esapi.i18n.ArrayResourceBundle = function (sName, oLocale, aMessages, oParent) { + with (org.owasp.esapi.i18n) + var _super = new ResourceBundle(sName, oLocale, oParent); + + var messages = aMessages; + + return { + getParent: _super.getParent, + getLocale: _super.getLocale, + getName: _super.getName, + getString: _super.getString, + getMessage: function (sKey) { + return messages[sKey]; + } + }; }; $namespace('org.owasp.esapi.i18n'); -org.owasp.esapi.i18n.Locale = function( sLanguage, sCountry, sVariant ) { - var language = sLanguage, country = sCountry, variant = sVariant; - - return { - getLanguage: function() { return language; }, - getCountry: function() { return country; }, - getVariant: function() { return variant; }, - toString: function() { return language + ( country ? "-" + country + ( variant ? "-" + variant : "" ) : "" ); } - }; +org.owasp.esapi.i18n.Locale = function (sLanguage, sCountry, sVariant) { + var language = sLanguage, country = sCountry, variant = sVariant; + + return { + getLanguage: function () { + return language; + }, + getCountry: function () { + return country; + }, + getVariant: function () { + return variant; + }, + toString: function () { + return language + (country ? "-" + country + (variant ? "-" + variant : "") : ""); + } + }; }; -org.owasp.esapi.i18n.Locale.US = new org.owasp.esapi.i18n.Locale("en","US"); -org.owasp.esapi.i18n.Locale.GB = new org.owasp.esapi.i18n.Locale("en","GB"); +org.owasp.esapi.i18n.Locale.US = new org.owasp.esapi.i18n.Locale("en", "US"); +org.owasp.esapi.i18n.Locale.GB = new org.owasp.esapi.i18n.Locale("en", "GB"); -org.owasp.esapi.i18n.Locale.getLocale = function(sLocale) { - var l = sLocale.split("-"); - return new org.owasp.esapi.i18n.Locale( l[0], (l.length>1?l[1]:""), (l.length>2?l.length[2]:"")); +org.owasp.esapi.i18n.Locale.getLocale = function (sLocale) { + var l = sLocale.split("-"); + return new org.owasp.esapi.i18n.Locale(l[0], (l.length > 1 ? l[1] : ""), (l.length > 2 ? l.length[2] : "")); }; -org.owasp.esapi.i18n.Locale.getDefault = function() { - var l = (navigator['language']?navigator['language']:(navigator['userLanguage']?navigator['userLanguage']:'en-US')).split("-"); - return new org.owasp.esapi.i18n.Locale( l[0], (l.length>1?l[1]:""), (l.length>2?l.length[2]:"")); +org.owasp.esapi.i18n.Locale.getDefault = function () { + var l = (navigator['language'] ? navigator['language'] : (navigator['userLanguage'] ? navigator['userLanguage'] : 'en-US')).split("-"); + return new org.owasp.esapi.i18n.Locale(l[0], (l.length > 1 ? l[1] : ""), (l.length > 2 ? l.length[2] : "")); }; $namespace('org.owasp.esapi.i18n'); -org.owasp.esapi.i18n.ObjectResourceBundle = function( oResource, oParent ) { - var _super = new org.owasp.esapi.i18n.ResourceBundle( oResource.name, org.owasp.esapi.i18n.Locale.getLocale(oResource.locale), oParent ); +org.owasp.esapi.i18n.ObjectResourceBundle = function (oResource, oParent) { + var _super = new org.owasp.esapi.i18n.ResourceBundle(oResource.name, org.owasp.esapi.i18n.Locale.getLocale(oResource.locale), oParent); - var messages = oResource.messages; + var messages = oResource.messages; - return { - getParent: _super.getParent, - getLocale: _super.getLocale, - getName: _super.getName, - getString: _super.getString, - getMessage: function(sKey) { - return messages[sKey]; - } - }; + return { + getParent: _super.getParent, + getLocale: _super.getLocale, + getName: _super.getName, + getString: _super.getString, + getMessage: function (sKey) { + return messages[sKey]; + } + }; }; $namespace('org.owasp.esapi.i18n'); -org.owasp.esapi.i18n.ResourceBundle = function( sName, oLocale, oParentResourceBundle ) { - var parent = oParentResourceBundle; - var locale = oLocale; - var name = sName; - - if ( !name ) throw new SyntaxError("Name required for implementations of org.owasp.esapi.i18n.ResourceBundle"); - if ( !locale ) throw new SyntaxError("Locale required for implementations of org.owasp.esapi.i18n.ResourceBundle"); - - return { - getParent: function() { return parent; }, - getLocale: function() { return locale; }, - getName: function() { return name; }, - getMessage: function(sKey) { return sKey; }, - getString: function( sKey, oContextMap ) { - if ( arguments.length < 1 ) { - throw new IllegalArgumentException("No key passed to getString"); - } - - var msg = this.getMessage(sKey); - if ( !msg ) { - if ( parent ) { - return parent.getString( sKey, oContextMap ); - } else { - return sKey; - } - } - - if ( !msg.match( /\{([A-Za-z]+)\}/ ) || !oContextMap ) { - return msg; - } - - var out = '', lastIndex = 0; - while (true) { - var nextVarIdx = msg.indexOf( "{", lastIndex ); - var endIndex = msg.indexOf( "}", nextVarIdx ); - - if ( nextVarIdx < 0 ) { - out += msg.substr( lastIndex, msg.length-lastIndex ); - break; - } - - if ( nextVarIdx >= 0 && endIndex < -1 ) { - throw new SyntaxError("Invalid Message - Unclosed Context Reference: " + msg ); - } - - out += msg.substring( lastIndex, nextVarIdx ); - var contextKey = msg.substring( nextVarIdx+1, endIndex ); - if ( oContextMap[contextKey] ) { - out += oContextMap[contextKey]; - } else { - out += msg.substring( nextVarIdx, endIndex+1 ); - } - - lastIndex = endIndex + 1; - } - - return out; - } - }; +org.owasp.esapi.i18n.ResourceBundle = function (sName, oLocale, oParentResourceBundle) { + var parent = oParentResourceBundle; + var locale = oLocale; + var name = sName; + + if (!name) + throw new SyntaxError("Name required for implementations of org.owasp.esapi.i18n.ResourceBundle"); + if (!locale) + throw new SyntaxError("Locale required for implementations of org.owasp.esapi.i18n.ResourceBundle"); + + return { + getParent: function () { + return parent; + }, + getLocale: function () { + return locale; + }, + getName: function () { + return name; + }, + getMessage: function (sKey) { + return sKey; + }, + getString: function (sKey, oContextMap) { + if (arguments.length < 1) { + throw new IllegalArgumentException("No key passed to getString"); + } + + var msg = this.getMessage(sKey); + if (!msg) { + if (parent) { + return parent.getString(sKey, oContextMap); + } else { + return sKey; + } + } + + if (!msg.match(/\{([A-Za-z]+)\}/) || !oContextMap) { + return msg; + } + + var out = '', lastIndex = 0; + while (true) { + var nextVarIdx = msg.indexOf("{", lastIndex); + var endIndex = msg.indexOf("}", nextVarIdx); + + if (nextVarIdx < 0) { + out += msg.substr(lastIndex, msg.length - lastIndex); + break; + } + + if (nextVarIdx >= 0 && endIndex < -1) { + throw new SyntaxError("Invalid Message - Unclosed Context Reference: " + msg); + } + + out += msg.substring(lastIndex, nextVarIdx); + var contextKey = msg.substring(nextVarIdx + 1, endIndex); + if (oContextMap[contextKey]) { + out += oContextMap[contextKey]; + } else { + out += msg.substring(nextVarIdx, endIndex + 1); + } + + lastIndex = endIndex + 1; + } + + return out; + } + }; }; -org.owasp.esapi.i18n.ResourceBundle.getResourceBundle = function(sResource, oLocale) { - var classname = sResource + "_" + oLocale.toString().replace("-","_"); +org.owasp.esapi.i18n.ResourceBundle.getResourceBundle = function (sResource, oLocale) { + var classname = sResource + "_" + oLocale.toString().replace("-", "_"); - with( org.owasp.esapi.i18n ) { - if ( ResourceBundle[classname] instanceof Object ) { - return ResourceBundle[classname]; - } else { - return new ResourceBundle[classname](); - } - } + with (org.owasp.esapi.i18n) { + if (ResourceBundle[classname] instanceof Object) { + return ResourceBundle[classname]; + } else { + return new ResourceBundle[classname](); + } + } }; $namespace('org.owasp.esapi.net'); @@ -1844,1110 +1923,1125 @@ $namespace('org.owasp.esapi.net'); * if the cookie name contains illegal characters (for example, a comma, space, or semicolon) or it is one of * the tokens reserved for use by the cookie protocol */ -org.owasp.esapi.net.Cookie = function( sName, sValue ) { - var name; // NAME= ... "$Name" style is reserved - var value; // value of NAME - - var comment; // ;Comment=VALUE ... describes the cookies use - var domain; // ;Domain=VALUE ... domain that sees the cookie - var maxAge; // ;Max-Age=VALUE ... cookies auto-expire - var path; // ;Path=VALUE ... URLs that see the cookie - var secure; // ;Secure ... e.g. use SSL - var version; // ;Version=1 ... means RFC-2109++ style - - var _resourceBundle = $ESAPI.resourceBundle(); - - var tSpecials = ",; "; - - var isToken = function(sValue) { - for(var i=0,len=sValue.length;i=0x7F||tSpecials.indexOf(c)!=-1) { - return false; - } - } - return true; - }; - - if ( !isToken(sName) - || sName.toLowerCase() == 'comment' - || sName.toLowerCase() == 'discard' - || sName.toLowerCase() == 'domain' - || sName.toLowerCase() == 'expires' - || sName.toLowerCase() == 'max-age' - || sName.toLowerCase() == 'path' - || sName.toLowerCase() == 'secure' - || sName.toLowerCase() == 'version' - || sName.charAt(0) == '$' ) { - var errMsg = _resourceBundle.getString( "Cookie.Name", { 'name':sName } ); - throw new IllegalArgumentException(errMsg); - } - - name = sName; - value = sValue; - - return { - setComment: function(purpose) { comment = purpose; }, - getComment: function() { return comment; }, - setDomain: function(sDomain) { domain = sDomain.toLowerCase(); }, - getDomain: function() { return domain; }, - setMaxAge: function(nExpirey) { maxAge = nExpirey; }, - getMaxAge: function() { return maxAge; }, - setPath: function(sPath) { path = sPath; }, - getPath: function() { return path; }, - setSecure: function(bSecure) { secure = bSecure; }, - getSecure: function() { return secure; }, - getName: function() { return name; }, - setValue: function(sValue) { value = sValue; }, - getValue: function() { return value; }, - setVersion: function(nVersion) { - if(nVersion<0||nVersion>1)throw new IllegalArgumentException(_resourceBundle.getString("Cookie.Version", { 'version':nVersion } ) ); - version = nVersion; - }, - getVersion: function() { return version; } - }; +org.owasp.esapi.net.Cookie = function (sName, sValue) { + var name; // NAME= ... "$Name" style is reserved + var value; // value of NAME + + var comment; // ;Comment=VALUE ... describes the cookies use + var domain; // ;Domain=VALUE ... domain that sees the cookie + var maxAge; // ;Max-Age=VALUE ... cookies auto-expire + var path; // ;Path=VALUE ... URLs that see the cookie + var secure; // ;Secure ... e.g. use SSL + var version; // ;Version=1 ... means RFC-2109++ style + + var _resourceBundle = $ESAPI.resourceBundle(); + + var tSpecials = ",; "; + + var isToken = function (sValue) { + for (var i = 0, len = sValue.length; i < len; i++) { + var cc = sValue.charCodeAt(i), c = sValue.charAt(i); + if (cc < 0x20 || cc >= 0x7F || tSpecials.indexOf(c) != -1) { + return false; + } + } + return true; + }; + + if (!isToken(sName) + || sName.toLowerCase() == 'comment' + || sName.toLowerCase() == 'discard' + || sName.toLowerCase() == 'domain' + || sName.toLowerCase() == 'expires' + || sName.toLowerCase() == 'max-age' + || sName.toLowerCase() == 'path' + || sName.toLowerCase() == 'secure' + || sName.toLowerCase() == 'version' + || sName.charAt(0) == '$') { + var errMsg = _resourceBundle.getString("Cookie.Name", {'name': sName}); + throw new IllegalArgumentException(errMsg); + } + + name = sName; + value = sValue; + + return { + setComment: function (purpose) { + comment = purpose; + }, + getComment: function () { + return comment; + }, + setDomain: function (sDomain) { + domain = sDomain.toLowerCase(); + }, + getDomain: function () { + return domain; + }, + setMaxAge: function (nExpirey) { + maxAge = nExpirey; + }, + getMaxAge: function () { + return maxAge; + }, + setPath: function (sPath) { + path = sPath; + }, + getPath: function () { + return path; + }, + setSecure: function (bSecure) { + secure = bSecure; + }, + getSecure: function () { + return secure; + }, + getName: function () { + return name; + }, + setValue: function (sValue) { + value = sValue; + }, + getValue: function () { + return value; + }, + setVersion: function (nVersion) { + if (nVersion < 0 || nVersion > 1) + throw new IllegalArgumentException(_resourceBundle.getString("Cookie.Version", {'version': nVersion})); + version = nVersion; + }, + getVersion: function () { + return version; + } + }; }; $namespace('org.owasp.esapi.reference.encoding'); -org.owasp.esapi.reference.encoding.DefaultEncoder = function(aCodecs) { - var _codecs = [], - _htmlCodec = new org.owasp.esapi.codecs.HTMLEntityCodec(), - _javascriptCodec = new org.owasp.esapi.codecs.JavascriptCodec(), - _cssCodec = new org.owasp.esapi.codecs.CSSCodec(), - _percentCodec = new org.owasp.esapi.codecs.PercentCodec(); - - if (!aCodecs) { - _codecs.push(_htmlCodec); - _codecs.push(_javascriptCodec); - _codecs.push(_cssCodec); - _codecs.push(_percentCodec); - } else { - _codecs = aCodecs; - } - - var IMMUNE_HTML = new Array(',', '.', '-', '_', ' '); - var IMMUNE_HTMLATTR = new Array(',', '.', '-', '_'); - var IMMUNE_CSS = new Array(); - var IMMUNE_JAVASCRIPT = new Array(',', '.', '_'); - - return { - cananicalize: function(sInput, bStrict) { - if (!sInput) { - return null; - } - var working = sInput, codecFound = null, mixedCount = 1, foundCount = 0, clean = false; - while (!clean) { - clean = true; - - _codecs.each(function(codec) { - var old = working; - working = codec.decode(working); - - if (old != working) { - if (codecFound != null && codecFound != codec) { - mixedCount ++; - } - codecFound = codec; - if (clean) { - foundCount ++; - } - clean = false; - } - }); - } - - if (foundCount >= 2 && mixedCount > 1) { - if (bStrict) { - throw new org.owasp.esapi.IntrusionException("Input validation failure", "Multiple (" + foundCount + "x) and mixed encoding (" + mixedCount + "x) detected in " + sInput); - } - } - else if (foundCount >= 2) { - if (bStrict) { - throw new org.owasp.esapi.IntrusionException("Input validation failure", "Multiple (" + foundCount + "x) encoding detected in " + sInput); - } - } - else if (mixedCount > 1) { - if (bStrict) { - throw new org.owasp.esapi.IntrusionException("Input validation failure", "Mixed (" + mixedCount + "x) encoding detected in " + sInput); - } - } - return working; - }, - - normalize: function(sInput) { - return sInput.replace(/[^\x00-\x7F]/g, ''); - }, - - encodeForHTML: function(sInput) { - return !sInput ? null : _htmlCodec.encode(IMMUNE_HTML, sInput); - }, - - decodeForHTML: function(sInput) { - return !sInput ? null : _htmlCodec.decode(sInput); - }, - - encodeForHTMLAttribute: function(sInput) { - return !sInput ? null : _htmlCodec.encode(IMMUNE_HTMLATTR, sInput); - }, - - encodeForCSS: function(sInput) { - return !sInput ? null : _cssCodec.encode(IMMUNE_CSS, sInput); - }, - - encodeForJavaScript: function(sInput) { - return !sInput ? null : _javascriptCodec.encode(IMMUNE_JAVASCRIPT, sInput); - }, - - encodeForJavascript: this.encodeForJavaScript, - - encodeForURL: function(sInput) { - return !sInput ? null : escape(sInput); - }, - - decodeFromURL: function(sInput) { - return !sInput ? null : unescape(sInput); - }, - - encodeForBase64: function(sInput) { - return !sInput ? null : org.owasp.esapi.codecs.Base64.encode(sInput); - }, - - decodeFromBase64: function(sInput) { - return !sInput ? null : org.owasp.esapi.codecs.Base64.decode(sInput); - } - }; +org.owasp.esapi.reference.encoding.DefaultEncoder = function (aCodecs) { + var _codecs = [], + _htmlCodec = new org.owasp.esapi.codecs.HTMLEntityCodec(), + _javascriptCodec = new org.owasp.esapi.codecs.JavascriptCodec(), + _cssCodec = new org.owasp.esapi.codecs.CSSCodec(), + _percentCodec = new org.owasp.esapi.codecs.PercentCodec(); + + if (!aCodecs) { + _codecs.push(_htmlCodec); + _codecs.push(_javascriptCodec); + _codecs.push(_cssCodec); + _codecs.push(_percentCodec); + } else { + _codecs = aCodecs; + } + + var IMMUNE_HTML = new Array(',', '.', '-', '_', ' '); + var IMMUNE_HTMLATTR = new Array(',', '.', '-', '_'); + var IMMUNE_CSS = new Array(); + var IMMUNE_JAVASCRIPT = new Array(',', '.', '_'); + + return { + cananicalize: function (sInput, bStrict) { + if (!sInput) { + return null; + } + var working = sInput, codecFound = null, mixedCount = 1, foundCount = 0, clean = false; + while (!clean) { + clean = true; + + _codecs.each(function (codec) { + var old = working; + working = codec.decode(working); + + if (old != working) { + if (codecFound != null && codecFound != codec) { + mixedCount++; + } + codecFound = codec; + if (clean) { + foundCount++; + } + clean = false; + } + }); + } + + if (foundCount >= 2 && mixedCount > 1) { + if (bStrict) { + throw new org.owasp.esapi.IntrusionException("Input validation failure", "Multiple (" + foundCount + "x) and mixed encoding (" + mixedCount + "x) detected in " + sInput); + } + } + else if (foundCount >= 2) { + if (bStrict) { + throw new org.owasp.esapi.IntrusionException("Input validation failure", "Multiple (" + foundCount + "x) encoding detected in " + sInput); + } + } + else if (mixedCount > 1) { + if (bStrict) { + throw new org.owasp.esapi.IntrusionException("Input validation failure", "Mixed (" + mixedCount + "x) encoding detected in " + sInput); + } + } + return working; + }, + normalize: function (sInput) { + return sInput.replace(/[^\x00-\x7F]/g, ''); + }, + encodeForHTML: function (sInput) { + return !sInput ? null : _htmlCodec.encode(IMMUNE_HTML, sInput); + }, + decodeForHTML: function (sInput) { + return !sInput ? null : _htmlCodec.decode(sInput); + }, + encodeForHTMLAttribute: function (sInput) { + return !sInput ? null : _htmlCodec.encode(IMMUNE_HTMLATTR, sInput); + }, + encodeForCSS: function (sInput) { + return !sInput ? null : _cssCodec.encode(IMMUNE_CSS, sInput); + }, + encodeForJavaScript: function (sInput) { + return !sInput ? null : _javascriptCodec.encode(IMMUNE_JAVASCRIPT, sInput); + }, + encodeForJavascript: this.encodeForJavaScript, + encodeForURL: function (sInput) { + return !sInput ? null : escape(sInput); + }, + decodeFromURL: function (sInput) { + return !sInput ? null : unescape(sInput); + }, + encodeForBase64: function (sInput) { + return !sInput ? null : org.owasp.esapi.codecs.Base64.encode(sInput); + }, + decodeFromBase64: function (sInput) { + return !sInput ? null : org.owasp.esapi.codecs.Base64.decode(sInput); + } + }; }; $namespace('org.owasp.esapi.reference.logging'); -org.owasp.esapi.reference.logging.Log4JSLogFactory = function() { - var loggersMap = Array(); - - var Log4JSLogger = function( sModuleName ) { - var jsLogger = null; - var moduleName = sModuleName?sModuleName:null; - var Level = Log4js.Level; - - var logUrl = false, logApplicationName = false, encodingRequired = false, encodingFunction = $ESAPI.encoder().encodeForHTML; - - jsLogger = Log4js.getLogger( moduleName ); - - var convertESAPILevel = function( nLevel ) { - var Logger = org.owasp.esapi.Logger; - switch (nLevel) { - case Logger.OFF: return Log4js.Level.OFF; - case Logger.FATAL: return Log4js.Level.FATAL; - case Logger.ERROR: return Log4js.Level.ERROR; - case Logger.WARNING: return Log4js.Level.WARN; - case Logger.INFO: return Log4js.Level.INFO; - case Logger.DEBUG: return Log4js.Level.DEBUG; - case Logger.TRACE: return Log4js.Level.TRACE; - case Logger.ALL: return Log4js.Level.ALL; - } - }; - - return { - setLevel: function( nLevel ) { - try { - jsLogger.setLevel( convertESAPILevel( nLevel ) ); - } catch (e) { - this.error( org.owasp.esapi.Logger.SECURITY_FAILURE, "", e ); - } - }, - - trace: function( oEventType, sMessage, oException ) { - this.log( Level.TRACE, oEventType, sMessage, oException ); - }, - - debug: function( oEventType, sMessage, oException ) { - this.log( Level.DEBUG, oEventType, sMessage, oException ); - }, - - info: function( oEventType, sMessage, oException ) { - this.log( Level.INFO, oEventType, sMessage, oException ); - }, - - warning: function( oEventType, sMessage, oException ) { - this.log( Level.WARN, oEventType, sMessage, oException ); - }, - - error: function( oEventType, sMessage, oException ) { - this.log( Level.ERROR, oEventType, sMessage, oException ); - }, - - fatal: function( oEventType, sMessage, oException ) { - this.log( Level.FATAL, oEventType, sMessage, oException ); - }, - - log: function( oLevel, oEventType, sMessage, oException ) { - switch(oLevel) { - case Level.TRACE: if ( !jsLogger.isTraceEnabled() ) { return; } break; - case Level.DEBUG: if ( !jsLogger.isDebugEnabled() ) { return; } break; - case Level.INFO: if ( !jsLogger.isInfoEnabled() ) { return; } break; - case Level.WARNING: if ( !jsLogger.isWarnEnabled() ) { return; } break; - case Level.ERROR: if ( !jsLogger.isErrorEnabled() ) { return; } break; - case Level.FATAL: if ( !jsLogger.isFatalEnabled() ) { return; } break; - } - - if ( !sMessage ) { - sMessage = ""; - } - - sMessage = '[' + oEventType.toString() + '] - ' + sMessage; - - var clean = sMessage.replace("\n","_").replace("\r","_"); - if ( encodingRequired ) { - clean = encodingFunction(clean); - if ( clean != sMessage) { - clean += " [Encoded]"; - } - } - - var appInfo = ( logUrl ? window.location.href : "" ) + - ( logApplicationName ? "/" + $ESAPI.properties.application.Name : "" ); - - jsLogger.log( oLevel, ( appInfo != "" ? "[" + appInfo + "] " : "" ) + clean, oException ); - }, - - addAppender: function( oAppender ) { - jsLogger.addAppender( oAppender ); - }, - - isLogUrl: function() { return logUrl; }, - setLogUrl: function(b) { logUrl = b; }, - isLogApplicationName: function() { return logApplicationName; }, - setLogApplicationName: function(b) { logApplicationName = b; }, - isEncodingRequired: function() { return encodingRequired; }, - setEncodingRequired: function(b) { encodingRequired = b; }, - setEncodingFunction: function(f) { encodingFunction = f; }, - isDebugEnabled: function() { return jsLogger.isDebugEnabled(); }, - isErrorEnabled: function() { return jsLogger.isErrorEnabled(); }, - isFatalEnabled: function() { return jsLogger.isFatalEnabled(); }, - isInfoEnabled: function() { return jsLogger.isInfoEnabled(); }, - isTraceEnabled: function() { return jsLogger.isTraceEnabled(); }, - isWarningEnabled: function() { return jsLogger.isWarnEnabled(); } - }; - }; - - var getLoggerConfig = function( moduleName ) { - var logConfig = $ESAPI.properties.logging; - if ( logConfig[moduleName] ) { - logConfig = logConfig[moduleName]; - } - return logConfig; - }; - - return { - getLogger: function ( moduleName ) { - var key = ( typeof moduleName == 'string' ) ? moduleName : moduleName.constructor.toString(); - var logger = loggersMap[key]; - if ( !logger ) { - logger = new Log4JSLogger(key); - - var logConfig = getLoggerConfig(moduleName); - - logger.setLevel( logConfig.Level ); - logger.setLogUrl( logConfig.LogUrl ); - logger.setLogApplicationName( logConfig.LogApplicationName ); - logger.setEncodingRequired( logConfig.EncodingRequired ); - - if ( logConfig.EncodingFunction ) { - logger.setEncodingFunction( logConfig.EncodingFunction ); - } - - logConfig.Appenders.each(function(e){ - if ( logConfig.Layout ) { - e.setLayout( logConfig.Layout ); - } - logger.addAppender(e); - }); - - loggersMap[key] = logger; - } - return logger; - } - }; +org.owasp.esapi.reference.logging.Log4JSLogFactory = function () { + var loggersMap = Array(); + + var Log4JSLogger = function (sModuleName) { + var jsLogger = null; + var moduleName = sModuleName ? sModuleName : null; + var Level = Log4js.Level; + + var logUrl = false, logApplicationName = false, encodingRequired = false, encodingFunction = $ESAPI.encoder().encodeForHTML; + + jsLogger = Log4js.getLogger(moduleName); + + var convertESAPILevel = function (nLevel) { + var Logger = org.owasp.esapi.Logger; + switch (nLevel) { + case Logger.OFF: + return Log4js.Level.OFF; + case Logger.FATAL: + return Log4js.Level.FATAL; + case Logger.ERROR: + return Log4js.Level.ERROR; + case Logger.WARNING: + return Log4js.Level.WARN; + case Logger.INFO: + return Log4js.Level.INFO; + case Logger.DEBUG: + return Log4js.Level.DEBUG; + case Logger.TRACE: + return Log4js.Level.TRACE; + case Logger.ALL: + return Log4js.Level.ALL; + } + }; + + return { + setLevel: function (nLevel) { + try { + jsLogger.setLevel(convertESAPILevel(nLevel)); + } catch (e) { + this.error(org.owasp.esapi.Logger.SECURITY_FAILURE, "", e); + } + }, + trace: function (oEventType, sMessage, oException) { + this.log(Level.TRACE, oEventType, sMessage, oException); + }, + debug: function (oEventType, sMessage, oException) { + this.log(Level.DEBUG, oEventType, sMessage, oException); + }, + info: function (oEventType, sMessage, oException) { + this.log(Level.INFO, oEventType, sMessage, oException); + }, + warning: function (oEventType, sMessage, oException) { + this.log(Level.WARN, oEventType, sMessage, oException); + }, + error: function (oEventType, sMessage, oException) { + this.log(Level.ERROR, oEventType, sMessage, oException); + }, + fatal: function (oEventType, sMessage, oException) { + this.log(Level.FATAL, oEventType, sMessage, oException); + }, + log: function (oLevel, oEventType, sMessage, oException) { + switch (oLevel) { + case Level.TRACE: + if (!jsLogger.isTraceEnabled()) { + return; + } + break; + case Level.DEBUG: + if (!jsLogger.isDebugEnabled()) { + return; + } + break; + case Level.INFO: + if (!jsLogger.isInfoEnabled()) { + return; + } + break; + case Level.WARNING: + if (!jsLogger.isWarnEnabled()) { + return; + } + break; + case Level.ERROR: + if (!jsLogger.isErrorEnabled()) { + return; + } + break; + case Level.FATAL: + if (!jsLogger.isFatalEnabled()) { + return; + } + break; + } + + if (!sMessage) { + sMessage = ""; + } + + sMessage = '[' + oEventType.toString() + '] - ' + sMessage; + + var clean = sMessage.replace("\n", "_").replace("\r", "_"); + if (encodingRequired) { + clean = encodingFunction(clean); + if (clean != sMessage) { + clean += " [Encoded]"; + } + } + + var appInfo = (logUrl ? window.location.href : "") + + (logApplicationName ? "/" + $ESAPI.properties.application.Name : ""); + + jsLogger.log(oLevel, (appInfo != "" ? "[" + appInfo + "] " : "") + clean, oException); + }, + addAppender: function (oAppender) { + jsLogger.addAppender(oAppender); + }, + isLogUrl: function () { + return logUrl; + }, + setLogUrl: function (b) { + logUrl = b; + }, + isLogApplicationName: function () { + return logApplicationName; + }, + setLogApplicationName: function (b) { + logApplicationName = b; + }, + isEncodingRequired: function () { + return encodingRequired; + }, + setEncodingRequired: function (b) { + encodingRequired = b; + }, + setEncodingFunction: function (f) { + encodingFunction = f; + }, + isDebugEnabled: function () { + return jsLogger.isDebugEnabled(); + }, + isErrorEnabled: function () { + return jsLogger.isErrorEnabled(); + }, + isFatalEnabled: function () { + return jsLogger.isFatalEnabled(); + }, + isInfoEnabled: function () { + return jsLogger.isInfoEnabled(); + }, + isTraceEnabled: function () { + return jsLogger.isTraceEnabled(); + }, + isWarningEnabled: function () { + return jsLogger.isWarnEnabled(); + } + }; + }; + + var getLoggerConfig = function (moduleName) { + var logConfig = $ESAPI.properties.logging; + if (logConfig[moduleName]) { + logConfig = logConfig[moduleName]; + } + return logConfig; + }; + + return { + getLogger: function (moduleName) { + var key = (typeof moduleName == 'string') ? moduleName : moduleName.constructor.toString(); + var logger = loggersMap[key]; + if (!logger) { + logger = new Log4JSLogger(key); + + var logConfig = getLoggerConfig(moduleName); + + logger.setLevel(logConfig.Level); + logger.setLogUrl(logConfig.LogUrl); + logger.setLogApplicationName(logConfig.LogApplicationName); + logger.setEncodingRequired(logConfig.EncodingRequired); + + if (logConfig.EncodingFunction) { + logger.setEncodingFunction(logConfig.EncodingFunction); + } + + logConfig.Appenders.each(function (e) { + if (logConfig.Layout) { + e.setLayout(logConfig.Layout); + } + logger.addAppender(e); + }); + + loggersMap[key] = logger; + } + return logger; + } + }; }; $namespace('org.owasp.esapi.reference.validation'); -org.owasp.esapi.reference.validation.BaseValidationRule = function( sTypeName, oEncoder, oLocale ) { - var log = $ESAPI.logger( "Validation" ); - var EventType = org.owasp.esapi.Logger.EventType; - - var typename = sTypeName; - var encoder = oEncoder?oEncoder:$ESAPI.encoder(); - var allowNull = false; - - var ResourceBundle = org.owasp.esapi.i18n.ResourceBundle; - - var locale = oLocale?oLocale:$ESAPI.locale(); - var resourceBundle; - - if ( $ESAPI.properties.validation.ResourceBundle ) { - resourceBundle = ResourceBundle.getResourceBundle( $ESAPI.properties.validation.ResourceBundle, locale ); - } - - if ( !resourceBundle ) { - resourceBundle = $ESAPI.resourceBundle(); - log.info( EventType.EVENT_FAILURE, "No Validation ResourceBundle - Defaulting to " + resourceBundle.getName() + "(" + resourceBundle.getLocale().toString() + ")" ); - } - - log.info( EventType.EVENT_SUCCESS, "Validation Rule Initialized with ResourceBundle: " + resourceBundle.getName() ); - - return { - setAllowNull: function(b) { allowNull = b; }, - - isAllowNull: function() { return allowNull; }, - - getTypeName: function() { return typename; }, - - setTypeName: function(s) { typename = s; }, - - setEncoder: function(oEncoder) { encoder = oEncoder; }, - - getEncoder: function() { return encoder; }, - - assertValid: function( sContext, sInput ) { - this.getValid( sContext, sInput ); - }, - - getValid: function( sContext, sInput, oValidationErrorList ) { - var valid = null; - try { - valid = this.getValidInput( sContext, sInput ); - } catch (oValidationException) { - return this.sanitize( sContext, sInput ); - } - return valid; - }, - - getValidInput: function( sContext, sInput ) { - return sInput; - }, - - getSafe: function( sContext, sInput ) { - var valid = null; - try { - valid = this.getValidInput( sContext, sInput ); - } catch (oValidationException) { - return this.sanitize( sContext, sInput ); - } - return valid; - }, - - /** - * The method is similar to ValidationRuile.getSafe except that it returns a - * harmless object that may or may not have any similarity to the original - * input (in some cases you may not care). In most cases this should be the - * same as the getSafe method only instead of throwing an exception, return - * some default value. - * - * @param context - * @param input - * @return a parsed version of the input or a default value. - */ - sanitize: function( sContext, sInput ) { - return sInput; - }, - - isValid: function( sContext, sInput ) { - var valid = false; - try { - this.getValidInput( sContext, sInput ); - valid = true; - } catch (oValidationException) { - return false; - } - return valid; - }, - - /** - * Removes characters that aren't in the whitelist from the input String. - * O(input.length) whitelist performance - * @param input String to be sanitized - * @param whitelist allowed characters - * @return input stripped of all chars that aren't in the whitelist - */ - whitelist: function( sInput, aWhitelist ) { - var stripped = ''; - for ( var i=0;imay or may not have any similarity to the original + * input (in some cases you may not care). In most cases this should be the + * same as the getSafe method only instead of throwing an exception, return + * some default value. + * + * @param context + * @param input + * @return a parsed version of the input or a default value. + */ + sanitize: function (sContext, sInput) { + return sInput; + }, + isValid: function (sContext, sInput) { + var valid = false; + try { + this.getValidInput(sContext, sInput); + valid = true; + } catch (oValidationException) { + return false; + } + return valid; + }, + /** + * Removes characters that aren't in the whitelist from the input String. + * O(input.length) whitelist performance + * @param input String to be sanitized + * @param whitelist allowed characters + * @return input stripped of all chars that aren't in the whitelist + */ + whitelist: function (sInput, aWhitelist) { + var stripped = ''; + for (var i = 0; i < sInput.length; i++) { + var c = sInput.charAt(i); + if (aWhitelist.contains(c)) { + stripped += c; + } + } + return stripped; + }, + getUserMessage: function (sContext, sDefault, oContextValues) { + return this.getMessage(sContext + ".Usr", sDefault + ".Usr", oContextValues); + }, + getLogMessage: function (sContext, sDefault, oContextValues) { + return this.getMessage(sContext + ".Log", sDefault + ".Log", oContextValues); + }, + getMessage: function (sContext, sDefault, oContextValues) { + return resourceBundle.getString(sContext, oContextValues) ? resourceBundle.getString(sContext, oContextValues) : resourceBundle.getString(sDefault, oContextValues); + }, + validationException: function (sContext, sDefault, sValidation, oContextValues) { + throw new org.owasp.esapi.reference.validation.ValidationException( + this.getUserMessage(sContext + "." + sValidation, sDefault + "." + sValidation, oContextValues), + this.getLogMessage(sContext + "." + sValidation, sDefault + "." + sValidation, oContextValues), + sContext + ); + } + }; }; $namespace('org.owasp.esapi.reference.validation'); -org.owasp.esapi.reference.validation.CreditCardValidationRule = function( sTypeName, oEncoder, oLocale ) { - var _super = new org.owasp.esapi.reference.validation.BaseValidationRule( sTypeName, oEncoder, oLocale ); - var _validationType = "CreditCard"; - - var maxCardLength = 19; - var ccrule; - - var readDefaultCreditCardRule = function() { - var p = new RegExp( $ESAPI.properties.validation.CreditCard ); - var ccr = new org.owasp.esapi.reference.validation.StringValidationRule( "ccrule", _super.getEncoder(), oLocale, p ); - ccr.setMaxLength( maxCardLength ); - ccr.setAllowNull( false ); - return ccr; - }; - - ccRule = readDefaultCreditCardRule(); - - var validCreditCardFormat = function( ccNum ) { - var digitsonly = ''; - var c; - for (var i=0;o=0; j--) { - digit = parseInt(digitsonly.substring(j,i+1)); - if ( timesTwo ) { - addend = digit * 2; - if ( addend > 9 ) addend -= 9; - } else { - addend = digit; - } - sum += addend; - timesTwo = !timesTwo; - } - return sum % 10 == 0; - }; - - return { - getMaxCardLength: function() { return maxCardLength; }, - - setMaxCardLength: function(n) { maxCardLength = n; }, - - setAllowNull: _super.setAllowNull, - - isAllowNull: _super.isAllowNull, - - getTypeName: _super.getTypeName, - - setTypeName: _super.setTypeName, - - setEncoder: _super.setEncoder, - - getEncoder: _super.getEncoder, - - assertValid: _super.assertValid, - - getValid: _super.getValid, - - getValidInput: function( sContext, sInput ) { - if ( !sInput || sInput.trim() == '' ) { - if ( this.isAllowNull() ) { - return null; - } - _super.validationException( sContext, _validationType, "Required", { "context":sContext, "input":sInput } ); - } - - var canonical = ccrule.getValid( sContext, sInput ); - - if ( !validCreditCardFormat(canonical) ) { - _super.validationException( sContext, _validationType, "Invalid", { "context":sContext, "input":sInput } ); - } - - return canonical; - }, - - getSafe: _super.getSafe, - - sanitize: function( sContext, sInput ) { - return this.whitelist( sInput, org.owasp.esapi.EncoderConstants.CHAR_DIGITS ); - }, - - isValid: _super.isValid, - - whitelist: _super.whitelist - }; +org.owasp.esapi.reference.validation.CreditCardValidationRule = function (sTypeName, oEncoder, oLocale) { + var _super = new org.owasp.esapi.reference.validation.BaseValidationRule(sTypeName, oEncoder, oLocale); + var _validationType = "CreditCard"; + + var maxCardLength = 19; + var ccrule; + + var readDefaultCreditCardRule = function () { + var p = new RegExp($ESAPI.properties.validation.CreditCard); + var ccr = new org.owasp.esapi.reference.validation.StringValidationRule("ccrule", _super.getEncoder(), oLocale, p); + ccr.setMaxLength(maxCardLength); + ccr.setAllowNull(false); + return ccr; + }; + + ccRule = readDefaultCreditCardRule(); + + var validCreditCardFormat = function (ccNum) { + var digitsonly = ''; + var c; + for (var i = 0; o < ccNum.length; i++) { + c = ccNum.charAt(i); + if (c.match(/[0-9]/)) + digitsonly += c; + } + + var sum = 0, digit = 0, addend = 0, timesTwo = false; + + for (var j = digitsonly.length - 1; j >= 0; j--) { + digit = parseInt(digitsonly.substring(j, i + 1)); + if (timesTwo) { + addend = digit * 2; + if (addend > 9) + addend -= 9; + } else { + addend = digit; + } + sum += addend; + timesTwo = !timesTwo; + } + return sum % 10 == 0; + }; + + return { + getMaxCardLength: function () { + return maxCardLength; + }, + setMaxCardLength: function (n) { + maxCardLength = n; + }, + setAllowNull: _super.setAllowNull, + isAllowNull: _super.isAllowNull, + getTypeName: _super.getTypeName, + setTypeName: _super.setTypeName, + setEncoder: _super.setEncoder, + getEncoder: _super.getEncoder, + assertValid: _super.assertValid, + getValid: _super.getValid, + getValidInput: function (sContext, sInput) { + if (!sInput || sInput.trim() == '') { + if (this.isAllowNull()) { + return null; + } + _super.validationException(sContext, _validationType, "Required", {"context": sContext, "input": sInput}); + } + + var canonical = ccrule.getValid(sContext, sInput); + + if (!validCreditCardFormat(canonical)) { + _super.validationException(sContext, _validationType, "Invalid", {"context": sContext, "input": sInput}); + } + + return canonical; + }, + getSafe: _super.getSafe, + sanitize: function (sContext, sInput) { + return this.whitelist(sInput, org.owasp.esapi.EncoderConstants.CHAR_DIGITS); + }, + isValid: _super.isValid, + whitelist: _super.whitelist + }; }; $namespace('org.owasp.esapi.reference.validation'); -org.owasp.esapi.reference.validation.DateValidationRule = function( sTypeName, oEncoder, oLocale ) { - var _super = new org.owasp.esapi.reference.validation.BaseValidationRule( sTypeName, oEncoder, oLocale ); - var _validationTarget = "Date"; - - var format = DateFormat.getDateInstance(); - - var safelyParse = function(sContext,sInput) { - if ( !sContext || sContext.trim() == '' ) { - if ( _super.isAllowNull() ) { - return null; - } - _super.validationException( sContext, _validationTarget, "Required", { "context":sContext, "input":sInput, "format":format } ); - } - - var canonical = _super.getEncoder().cananicalize(sInput); - - try { - return format.parse(canonical); - } catch (e) { - _super.validationException( sContext, _validationTarget, "Invalid", { "context":sContext, "input":sInput, "format":format } ); - } - }; - - return { - setDateFormat: function(fmt) { - if ( !fmt ) { - throw new IllegalArgumentException("DateValidationRule.setDateFormat requires a non-null DateFormat"); - } - format = fmt; - }, - - setAllowNull: _super.setAllowNull, - - isAllowNull: _super.isAllowNull, - - getTypeName: _super.getTypeName, - - setTypeName: _super.setTypeName, - - setEncoder: _super.setEncoder, - - getEncoder: _super.getEncoder, - - assertValid: _super.assertValid, - - getValid: _super.getValid, - - getValidInput: function( sContext, sInput ) { - return safelyParse(sContext,sInput); - }, - - getSafe: _super.getSafe, - - sanitize: function( sContext, sInput ) { - var date = new Date(0); - try { - date = safelyParse(sContext,sInput); - } catch (e) { } - return date; - }, - - isValid: _super.isValid, - - whitelist: _super.whitelist - }; +org.owasp.esapi.reference.validation.DateValidationRule = function (sTypeName, oEncoder, oLocale) { + var _super = new org.owasp.esapi.reference.validation.BaseValidationRule(sTypeName, oEncoder, oLocale); + var _validationTarget = "Date"; + + var format = DateFormat.getDateInstance(); + + var safelyParse = function (sContext, sInput) { + if (!sContext || sContext.trim() == '') { + if (_super.isAllowNull()) { + return null; + } + _super.validationException(sContext, _validationTarget, "Required", {"context": sContext, "input": sInput, "format": format}); + } + + var canonical = _super.getEncoder().cananicalize(sInput); + + try { + return format.parse(canonical); + } catch (e) { + _super.validationException(sContext, _validationTarget, "Invalid", {"context": sContext, "input": sInput, "format": format}); + } + }; + + return { + setDateFormat: function (fmt) { + if (!fmt) { + throw new IllegalArgumentException("DateValidationRule.setDateFormat requires a non-null DateFormat"); + } + format = fmt; + }, + setAllowNull: _super.setAllowNull, + isAllowNull: _super.isAllowNull, + getTypeName: _super.getTypeName, + setTypeName: _super.setTypeName, + setEncoder: _super.setEncoder, + getEncoder: _super.getEncoder, + assertValid: _super.assertValid, + getValid: _super.getValid, + getValidInput: function (sContext, sInput) { + return safelyParse(sContext, sInput); + }, + getSafe: _super.getSafe, + sanitize: function (sContext, sInput) { + var date = new Date(0); + try { + date = safelyParse(sContext, sInput); + } catch (e) { + } + return date; + }, + isValid: _super.isValid, + whitelist: _super.whitelist + }; }; $namespace('org.owasp.esapi.reference.validation'); -org.owasp.esapi.reference.validation.DefaultValidator = function( oEncoder, oLocale ) { - var rules = Array(); - var encoder = oEncoder?oEncoder:$ESAPI.encoder(); - var locale = oLocale?oLocale:org.owasp.esapi.i18n.Locale.getDefault(); - - var p = org.owasp.esapi.reference.validation; - - return { - addRule: function( oValidationRule ) { - rules[oValidationRule.getName()] = oValidationRule; - }, - - getRule: function( sName ) { - return rules[sName]; - }, - - isValidInput: function( sContext, sInput, sType, nMaxLength, bAllowNull ) { - try { - this.getValidInput( sContext, sInput, sType, nMaxLength, bAllowNull ); - return true; - } catch (e) { - return false; - } - }, - - getValidInput: function( sContext, sInput, sType, nMaxLength, bAllowNull, oValidationErrorList ) { - var rvr = new org.owasp.esapi.reference.validation.StringValidationRule( sType, encoder, locale ); - var p = new RegExp($ESAPI.properties.validation[sType]); - if ( p && p instanceof RegExp ) { - rvr.addWhitelistPattern( p ); - } else { - throw new IllegalArgumentException("Invalid Type: " + sType + " not found."); - } - rvr.setMaxLength( nMaxLength ); - rvr.setAllowNull( bAllowNull ); - - try { - return rvr.getValid(sContext,sInput); - } catch (e) { - if ( e instanceof p.ValidationErrorList && oValidationErrorList ) { - oValidationErrorList.addError( sContext, e ); - } - throw e; - } - }, - - isValidDate: function( sContext, sInput, oDateFormat, bAllowNull ) { - try { - this.getValidDate( sContext, sInput, oDateFormat, bAllowNull ); - return true; - } catch (e) { - return false; - } - }, - - getValidDate: function( sContext, sInput, oDateFormat, bAllowNull, oValidationErrorList ) { - var dvr = new p.DateValidationRule( sContext, encoder, locale ); - dvr.setAllowNull( bAllowNull ); - dvr.setDateFormat(oDateFormat); - try { - return dvr.getValid( sContext, sInput ); - } catch (e) { - if ( e instanceof p.ValidationErrorList && oValidationErrorList ) { - oValidationErrorList.addError( sContext, e ); - } - throw e; - } - }, - - getValidCreditCard: function( sContext, sInput, bAllowNull, oValidationErrorList ) { - var ccr = new p.CreditCardValidationRule( sContext, encoder, locale ); - ccr.setAllowNull(bAllowNull); - - try { - return ccr.getValid(sContext,sInput); - } catch (e) { - if ( e instanceof p.ValidationErrorList && oValidationErrorList ) { - oValidationErrorList.addError( sContext, e ); - } - throw e; - } - }, - - isValidCreditCard: function( sContext, sInput, bAllowNull ) { - try { - this.getValidCreditCard( sContext,sInput,bAllowNull ); - return true; - } catch (e) { - return false; - } - }, - - getValidNumber: function( sContext, sInput, bAllowNull, nMinValue, nMaxValue, oValidationErrorList ) { - var nvr = new p.NumberValidationRule( sContext, encoder, locale, nMinValue, nMaxValue ); - nvr.setAllowNull(bAllowNull); - - try { - return nvr.getValid(sContext, sInput); - } catch(e) { - if ( e instanceof p.ValidationErrorList && oValidationErrorList ) { - oValidationErrorList.addError( sContext, e ); - } - throw e; - } - }, - - isValidNumber: function( sContext, sInput, bAllowNull, nMinValue, nMaxValue ) { - try { - this.getValidNumber(sContext,sInput,bAllowNull,nMinValue,nMaxValue); - return true; - } catch (e) { - return false; - } - }, - - getValidInteger: function( sContext, sInput, bAllowNull, nMinValue, nMaxValue, oValidationErrorList ) { - var nvr = new p.IntegerValidationRule( sContext, encoder, locale, nMinValue, nMaxValue ); - nvr.setAllowNull(bAllowNull); - - try { - return nvr.getValid(sContext, sInput); - } catch(e) { - if ( e instanceof p.ValidationErrorList && oValidationErrorList ) { - oValidationErrorList.addError( sContext, e ); - } - throw e; - } - }, - - isValidInteger: function( sContext, sInput, bAllowNull, nMinValue, nMaxValue ) { - try { - this.getValidInteger(sContext,sInput,bAllowNull,nMinValue,nMaxValue); - return true; - } catch (e) { - return false; - } - } - }; +org.owasp.esapi.reference.validation.DefaultValidator = function (oEncoder, oLocale) { + var rules = Array(); + var encoder = oEncoder ? oEncoder : $ESAPI.encoder(); + var locale = oLocale ? oLocale : org.owasp.esapi.i18n.Locale.getDefault(); + + var p = org.owasp.esapi.reference.validation; + + return { + addRule: function (oValidationRule) { + rules[oValidationRule.getName()] = oValidationRule; + }, + getRule: function (sName) { + return rules[sName]; + }, + isValidInput: function (sContext, sInput, sType, nMaxLength, bAllowNull) { + try { + this.getValidInput(sContext, sInput, sType, nMaxLength, bAllowNull); + return true; + } catch (e) { + return false; + } + }, + getValidInput: function (sContext, sInput, sType, nMaxLength, bAllowNull, oValidationErrorList) { + var rvr = new org.owasp.esapi.reference.validation.StringValidationRule(sType, encoder, locale); + var p = new RegExp($ESAPI.properties.validation[sType]); + if (p && p instanceof RegExp) { + rvr.addWhitelistPattern(p); + } else { + throw new IllegalArgumentException("Invalid Type: " + sType + " not found."); + } + rvr.setMaxLength(nMaxLength); + rvr.setAllowNull(bAllowNull); + + try { + return rvr.getValid(sContext, sInput); + } catch (e) { + if (e instanceof p.ValidationErrorList && oValidationErrorList) { + oValidationErrorList.addError(sContext, e); + } + throw e; + } + }, + isValidDate: function (sContext, sInput, oDateFormat, bAllowNull) { + try { + this.getValidDate(sContext, sInput, oDateFormat, bAllowNull); + return true; + } catch (e) { + return false; + } + }, + getValidDate: function (sContext, sInput, oDateFormat, bAllowNull, oValidationErrorList) { + var dvr = new p.DateValidationRule(sContext, encoder, locale); + dvr.setAllowNull(bAllowNull); + dvr.setDateFormat(oDateFormat); + try { + return dvr.getValid(sContext, sInput); + } catch (e) { + if (e instanceof p.ValidationErrorList && oValidationErrorList) { + oValidationErrorList.addError(sContext, e); + } + throw e; + } + }, + getValidCreditCard: function (sContext, sInput, bAllowNull, oValidationErrorList) { + var ccr = new p.CreditCardValidationRule(sContext, encoder, locale); + ccr.setAllowNull(bAllowNull); + + try { + return ccr.getValid(sContext, sInput); + } catch (e) { + if (e instanceof p.ValidationErrorList && oValidationErrorList) { + oValidationErrorList.addError(sContext, e); + } + throw e; + } + }, + isValidCreditCard: function (sContext, sInput, bAllowNull) { + try { + this.getValidCreditCard(sContext, sInput, bAllowNull); + return true; + } catch (e) { + return false; + } + }, + getValidNumber: function (sContext, sInput, bAllowNull, nMinValue, nMaxValue, oValidationErrorList) { + var nvr = new p.NumberValidationRule(sContext, encoder, locale, nMinValue, nMaxValue); + nvr.setAllowNull(bAllowNull); + + try { + return nvr.getValid(sContext, sInput); + } catch (e) { + if (e instanceof p.ValidationErrorList && oValidationErrorList) { + oValidationErrorList.addError(sContext, e); + } + throw e; + } + }, + isValidNumber: function (sContext, sInput, bAllowNull, nMinValue, nMaxValue) { + try { + this.getValidNumber(sContext, sInput, bAllowNull, nMinValue, nMaxValue); + return true; + } catch (e) { + return false; + } + }, + getValidInteger: function (sContext, sInput, bAllowNull, nMinValue, nMaxValue, oValidationErrorList) { + var nvr = new p.IntegerValidationRule(sContext, encoder, locale, nMinValue, nMaxValue); + nvr.setAllowNull(bAllowNull); + + try { + return nvr.getValid(sContext, sInput); + } catch (e) { + if (e instanceof p.ValidationErrorList && oValidationErrorList) { + oValidationErrorList.addError(sContext, e); + } + throw e; + } + }, + isValidInteger: function (sContext, sInput, bAllowNull, nMinValue, nMaxValue) { + try { + this.getValidInteger(sContext, sInput, bAllowNull, nMinValue, nMaxValue); + return true; + } catch (e) { + return false; + } + } + }; }; $namespace('org.owasp.esapi.reference.validation'); -org.owasp.esapi.reference.validation.IntegerValidationRule = function( sTypeName, oEncoder, oLocale, nMinValue, nMaxValue ) { - var _super = new org.owasp.esapi.reference.validation.BaseValidationRule( sTypeName, oEncoder, oLocale ); - var _validationTarget = "Integer"; - - var minValue = nMinValue?nMinValue:Number.MIN_VALUE; - var maxValue = nMaxValue?nMaxValue:Number.MAX_VALUE; - - if ( minValue >= maxValue ) { - throw new IllegalArgumentException( "minValue must be less than maxValue" ); - } - - var safelyParse = function(sContext,sInput) { - if ( !sInput || sInput.trim() == '' ) { - if ( _super.allowNull() ) { - return null; - } - _super.validationException( sContext, _validationTarget, "Required", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - - var canonical = _super.getEncoder().cananicalize(sInput); - - var n = parseInt(canonical); - if ( n == 'NaN' ) { - _super.validationException( sContext, _validationTarget, "NaN", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - if ( n < minValue ) { - _super.validationException( sContext, _validationTarget, "MinValue", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - if ( n > maxValue ) { - _super.validationException( sContext, _validationTarget, "MaxValue", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - return n; - }; - - return { - setMinValue: function(n) { minValue = n; }, - - getMinValue: function() { return minValue; }, - - setMaxValue: function(n) { maxValue = n; }, - - getMaxValue: function() { return maxValue; }, - - setAllowNull: _super.setAllowNull, - - isAllowNull: _super.isAllowNull, - - getTypeName: _super.getTypeName, - - setTypeName: _super.setTypeName, - - setEncoder: _super.setEncoder, - - getEncoder: _super.getEncoder, - - assertValid: _super.assertValid, - - getValid: _super.getValid, - - getValidInput: function( sContext, sInput ) { - return safelyParse(sContext,sInput); - }, - - getSafe: _super.getSafe, - - sanitize: function( sContext, sInput ) { - var n = 0; - try { - n = safelyParse(sContext,sInput); - } catch (e) { } - return n; - }, - - isValid: _super.isValid, - - whitelist: _super.whitelist - }; +org.owasp.esapi.reference.validation.IntegerValidationRule = function (sTypeName, oEncoder, oLocale, nMinValue, nMaxValue) { + var _super = new org.owasp.esapi.reference.validation.BaseValidationRule(sTypeName, oEncoder, oLocale); + var _validationTarget = "Integer"; + + var minValue = nMinValue ? nMinValue : Number.MIN_VALUE; + var maxValue = nMaxValue ? nMaxValue : Number.MAX_VALUE; + + if (minValue >= maxValue) { + throw new IllegalArgumentException("minValue must be less than maxValue"); + } + + var safelyParse = function (sContext, sInput) { + if (!sInput || sInput.trim() == '') { + if (_super.allowNull()) { + return null; + } + _super.validationException(sContext, _validationTarget, "Required", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + + var canonical = _super.getEncoder().cananicalize(sInput); + + var n = parseInt(canonical); + if (n == 'NaN') { + _super.validationException(sContext, _validationTarget, "NaN", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + if (n < minValue) { + _super.validationException(sContext, _validationTarget, "MinValue", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + if (n > maxValue) { + _super.validationException(sContext, _validationTarget, "MaxValue", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + return n; + }; + + return { + setMinValue: function (n) { + minValue = n; + }, + getMinValue: function () { + return minValue; + }, + setMaxValue: function (n) { + maxValue = n; + }, + getMaxValue: function () { + return maxValue; + }, + setAllowNull: _super.setAllowNull, + isAllowNull: _super.isAllowNull, + getTypeName: _super.getTypeName, + setTypeName: _super.setTypeName, + setEncoder: _super.setEncoder, + getEncoder: _super.getEncoder, + assertValid: _super.assertValid, + getValid: _super.getValid, + getValidInput: function (sContext, sInput) { + return safelyParse(sContext, sInput); + }, + getSafe: _super.getSafe, + sanitize: function (sContext, sInput) { + var n = 0; + try { + n = safelyParse(sContext, sInput); + } catch (e) { + } + return n; + }, + isValid: _super.isValid, + whitelist: _super.whitelist + }; }; $namespace('org.owasp.esapi.reference.validation'); -org.owasp.esapi.reference.validation.NumberValidationRule = function( sTypeName, oEncoder, oLocale, fMinValue, fMaxValue ) { - var _super = new org.owasp.esapi.reference.validation.BaseValidationRule( sTypeName, oEncoder, oLocale ); - var _validationTarget = 'Number'; - - var minValue = fMinValue?fMinValue:Number.MIN_VALUE; - var maxValue = fMaxValue?fMaxValue:Number.MAX_VALUE; - - if ( minValue >= maxValue ) throw new IllegalArgumentException("MinValue must be less that MaxValue"); - - var safelyParse = function( sContext, sInput ) { - if ( !sInput || sInput.trim() == '' ) { - if ( _super.isAllowNull() ) { - return null; - } - _super.validationException( sContext, _validationTarget, "Required", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - - var canonical = _super.getEncoder().cananicalize( sInput ); - - var f = 0.0; - try { - f = parseFloat( canonical ); - } catch (e) { - _super.validationException( sContext, _validationTarget, "Invalid", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - - if ( f == 'NaN' ) { - _super.validationException( sContext, _validationTarget, "NaN", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - if ( f < minValue ) { - _super.validationException( sContext, _validationTarget, "MinValue", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - if ( f > maxValue ) { - _super.validationException( sContext, _validationTarget, "MaxValue", { "context":sContext, "input":sInput, "minValue":minValue, "maxValue":maxValue } ); - } - return f; - }; - - return { - setMinValue: function(n) { minValue = n; }, - - getMinValue: function() { return minValue; }, - - setMaxValue: function(n) { maxValue = n; }, - - getMaxValue: function() { return maxValue; }, - - setAllowNull: _super.setAllowNull, - - isAllowNull: _super.isAllowNull, - - getTypeName: _super.getTypeName, - - setTypeName: _super.setTypeName, - - setEncoder: _super.setEncoder, - - getEncoder: _super.getEncoder, - - assertValid: _super.assertValid, - - getValid: _super.getValid, - - getValidInput: function( sContext, sInput ) { - return safelyParse(sContext,sInput); - }, - - getSafe: _super.getSafe, - - sanitize: function( sContext, sInput ) { - var n = 0; - try { - n = safelyParse(sContext,sInput); - } catch (e) { } - return n; - }, - - isValid: _super.isValid, - - whitelist: _super.whitelist - }; +org.owasp.esapi.reference.validation.NumberValidationRule = function (sTypeName, oEncoder, oLocale, fMinValue, fMaxValue) { + var _super = new org.owasp.esapi.reference.validation.BaseValidationRule(sTypeName, oEncoder, oLocale); + var _validationTarget = 'Number'; + + var minValue = fMinValue ? fMinValue : Number.MIN_VALUE; + var maxValue = fMaxValue ? fMaxValue : Number.MAX_VALUE; + + if (minValue >= maxValue) + throw new IllegalArgumentException("MinValue must be less that MaxValue"); + + var safelyParse = function (sContext, sInput) { + if (!sInput || sInput.trim() == '') { + if (_super.isAllowNull()) { + return null; + } + _super.validationException(sContext, _validationTarget, "Required", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + + var canonical = _super.getEncoder().cananicalize(sInput); + + var f = 0.0; + try { + f = parseFloat(canonical); + } catch (e) { + _super.validationException(sContext, _validationTarget, "Invalid", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + + if (f == 'NaN') { + _super.validationException(sContext, _validationTarget, "NaN", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + if (f < minValue) { + _super.validationException(sContext, _validationTarget, "MinValue", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + if (f > maxValue) { + _super.validationException(sContext, _validationTarget, "MaxValue", {"context": sContext, "input": sInput, "minValue": minValue, "maxValue": maxValue}); + } + return f; + }; + + return { + setMinValue: function (n) { + minValue = n; + }, + getMinValue: function () { + return minValue; + }, + setMaxValue: function (n) { + maxValue = n; + }, + getMaxValue: function () { + return maxValue; + }, + setAllowNull: _super.setAllowNull, + isAllowNull: _super.isAllowNull, + getTypeName: _super.getTypeName, + setTypeName: _super.setTypeName, + setEncoder: _super.setEncoder, + getEncoder: _super.getEncoder, + assertValid: _super.assertValid, + getValid: _super.getValid, + getValidInput: function (sContext, sInput) { + return safelyParse(sContext, sInput); + }, + getSafe: _super.getSafe, + sanitize: function (sContext, sInput) { + var n = 0; + try { + n = safelyParse(sContext, sInput); + } catch (e) { + } + return n; + }, + isValid: _super.isValid, + whitelist: _super.whitelist + }; }; $namespace('org.owasp.esapi.reference.validation'); -org.owasp.esapi.reference.validation.StringValidationRule = function( sTypeName, oEncoder, oLocale, sWhiteListPattern ) { - var _super = new org.owasp.esapi.reference.validation.BaseValidationRule( sTypeName, oEncoder, oLocale ); - var _validationTarget = 'String'; - - var whitelistPatterns = Array(); - var blacklistPatterns = Array(); - var minLength = 0; - var maxLength = Number.MAX_VALUE; - var validateInputAndCanonical = true; - - if ( sWhiteListPattern ) { - if ( sWhiteListPattern instanceof String ) { - whitelistPatterns.push( new RegExp(sWhiteListPattern) ); - } else if ( sWhiteListPattern instanceof RegExp ) { - whitelistPatterns.push( sWhiteListPattern ); - } else { - throw new IllegalArgumentException("sWhiteListPattern must be a string containing RegExp or a RegExp Object"); - } - } - - var checkWhitelist = function( sContext, sInput, sOrig ) { - whitelistPatterns.each(function(p){ - if ( sInput.match(p) ) { - _super.validationException( sContext, _validationTarget, "Whitelist", { "context":sContext, "input":sInput, "orig":sOrig, "pattern":p.toString(), "minLength":minLength, "maxLength":maxLength, "validateInputAndCanonical":validateInputAndCanonical } ); - } - }); - }; - - var checkBlacklist = function( sContext, sInput, sOrig ) { - blacklistPatterns.each(function(p){ - if ( sInput.match(p) ) { - _super.validationException( sContext, _validationTarget, "Blacklist", { "context":sContext, "input":sInput, "orig":sOrig, "pattern":p.toString(), "minLength":minLength, "maxLength":maxLength, "validateInputAndCanonical":validateInputAndCanonical } ); - } - }); - }; - - var checkLength = function( sContext, sInput, sOrig ) { - if ( sInput.length < minLength ) { - _super.validationException( sContext, _validationTarget, "MinLength", { "context":sContext, "input":sInput, "orig":sOrig, "minLength":minLength, "maxLength":maxLength, "validateInputAndCanonical":validateInputAndCanonical } ); - } - if ( sInput.length > maxLength ) { - _super.validationException( sContext, _validationTarget, "MaxLength", { "context":sContext, "input":sInput, "orig":sOrig, "minLength":minLength, "maxLength":maxLength, "validateInputAndCanonical":validateInputAndCanonical } ); - } - return sInput; - }; - - var checkEmpty = function( sContext, sInput, sOrig ) { - if ( !sInput || sInput.trim() == '' ) { - if ( _super.isAllowNull() ) { - return null; - } - _super.validationException( sContext, _validationTarget, "Required", { "context":sContext, "input":sInput, "orig":sOrig, "minLength":minLength, "maxLength":maxLength, "validateInputAndCanonical":validateInputAndCanonical } ); - } - }; - - return { - addWhitelistPattern: function(p) { - if ( p instanceof String ) { - whitelistPatterns.push( new RegExp(p) ); - } else if ( p instanceof RegExp ) { - whitelistPatterns.push(p); - } else { - throw new IllegalArgumentException("p must be a string containing RegExp or a RegExp Object"); - } - }, - - addBlacklistPattern: function(p) { - if ( p instanceof String ) { - blacklistPatterns.push( new RegExp(p) ); - } else if ( p instanceof RegExp ) { - blacklistPatterns.push(p); - } else { - throw new IllegalArgumentException("p must be a string containing RegExp or a RegExp Object"); - } - }, - - setMinLength: function(n) { minLength = n; }, - - getMinLength: function() { return minLength; }, - - setMaxLength: function(n) { maxLength = n; }, - - getMaxLength: function() { return maxLength; }, - - setValidateInputAndCanonical: function(b) { validateInputAndCanonical = b; }, - - isValidateInputAndCanonical: function() { return validateInputAndCanonical; }, - - setAllowNull: _super.setAllowNull, - - isAllowNull: _super.isAllowNull, - - getTypeName: _super.getTypeName, - - setTypeName: _super.setTypeName, - - setEncoder: _super.setEncoder, - - getEncoder: _super.getEncoder, - - assertValid: _super.assertValid, - - getValid: _super.getValid, - - getValidInput: function( sContext, sInput ) { - var canonical = null; - - if ( checkEmpty( sContext, sInput ) == null ) { - return null; - } - - if ( validateInputAndCanonical ) { - checkLength(sContext, sInput); - checkWhitelist(sContext,sInput); - checkBlacklist(sContext,sInput); - } - - canonical = this.getEncoder().cananicalize(sInput); - - if ( checkEmpty( sContext, canonical, sInput ) == null ) { - return null; - } - - checkLength( sContext, canonical, sInput ); - checkWhitelist( sContext, canonical, sInput ); - checkBlacklist( sContext, canonical, sInput ); - - return canonical; - }, - - getSafe: _super.getSafe, - - sanitize: function( sContext, sInput ) { - return this.whitelist( sInput, org.owasp.esapi.EncoderConstants.CHAR_ALNUM ); - }, - - isValid: _super.isValid, - - whitelist: _super.whitelist - }; +org.owasp.esapi.reference.validation.StringValidationRule = function (sTypeName, oEncoder, oLocale, sWhiteListPattern) { + var _super = new org.owasp.esapi.reference.validation.BaseValidationRule(sTypeName, oEncoder, oLocale); + var _validationTarget = 'String'; + + var whitelistPatterns = Array(); + var blacklistPatterns = Array(); + var minLength = 0; + var maxLength = Number.MAX_VALUE; + var validateInputAndCanonical = true; + + if (sWhiteListPattern) { + if (sWhiteListPattern instanceof String) { + whitelistPatterns.push(new RegExp(sWhiteListPattern)); + } else if (sWhiteListPattern instanceof RegExp) { + whitelistPatterns.push(sWhiteListPattern); + } else { + throw new IllegalArgumentException("sWhiteListPattern must be a string containing RegExp or a RegExp Object"); + } + } + + var checkWhitelist = function (sContext, sInput, sOrig) { + whitelistPatterns.each(function (p) { + if (sInput.match(p)) { + _super.validationException(sContext, _validationTarget, "Whitelist", {"context": sContext, "input": sInput, "orig": sOrig, "pattern": p.toString(), "minLength": minLength, "maxLength": maxLength, "validateInputAndCanonical": validateInputAndCanonical}); + } + }); + }; + + var checkBlacklist = function (sContext, sInput, sOrig) { + blacklistPatterns.each(function (p) { + if (sInput.match(p)) { + _super.validationException(sContext, _validationTarget, "Blacklist", {"context": sContext, "input": sInput, "orig": sOrig, "pattern": p.toString(), "minLength": minLength, "maxLength": maxLength, "validateInputAndCanonical": validateInputAndCanonical}); + } + }); + }; + + var checkLength = function (sContext, sInput, sOrig) { + if (sInput.length < minLength) { + _super.validationException(sContext, _validationTarget, "MinLength", {"context": sContext, "input": sInput, "orig": sOrig, "minLength": minLength, "maxLength": maxLength, "validateInputAndCanonical": validateInputAndCanonical}); + } + if (sInput.length > maxLength) { + _super.validationException(sContext, _validationTarget, "MaxLength", {"context": sContext, "input": sInput, "orig": sOrig, "minLength": minLength, "maxLength": maxLength, "validateInputAndCanonical": validateInputAndCanonical}); + } + return sInput; + }; + + var checkEmpty = function (sContext, sInput, sOrig) { + if (!sInput || sInput.trim() == '') { + if (_super.isAllowNull()) { + return null; + } + _super.validationException(sContext, _validationTarget, "Required", {"context": sContext, "input": sInput, "orig": sOrig, "minLength": minLength, "maxLength": maxLength, "validateInputAndCanonical": validateInputAndCanonical}); + } + }; + + return { + addWhitelistPattern: function (p) { + if (p instanceof String) { + whitelistPatterns.push(new RegExp(p)); + } else if (p instanceof RegExp) { + whitelistPatterns.push(p); + } else { + throw new IllegalArgumentException("p must be a string containing RegExp or a RegExp Object"); + } + }, + addBlacklistPattern: function (p) { + if (p instanceof String) { + blacklistPatterns.push(new RegExp(p)); + } else if (p instanceof RegExp) { + blacklistPatterns.push(p); + } else { + throw new IllegalArgumentException("p must be a string containing RegExp or a RegExp Object"); + } + }, + setMinLength: function (n) { + minLength = n; + }, + getMinLength: function () { + return minLength; + }, + setMaxLength: function (n) { + maxLength = n; + }, + getMaxLength: function () { + return maxLength; + }, + setValidateInputAndCanonical: function (b) { + validateInputAndCanonical = b; + }, + isValidateInputAndCanonical: function () { + return validateInputAndCanonical; + }, + setAllowNull: _super.setAllowNull, + isAllowNull: _super.isAllowNull, + getTypeName: _super.getTypeName, + setTypeName: _super.setTypeName, + setEncoder: _super.setEncoder, + getEncoder: _super.getEncoder, + assertValid: _super.assertValid, + getValid: _super.getValid, + getValidInput: function (sContext, sInput) { + var canonical = null; + + if (checkEmpty(sContext, sInput) == null) { + return null; + } + + if (validateInputAndCanonical) { + checkLength(sContext, sInput); + checkWhitelist(sContext, sInput); + checkBlacklist(sContext, sInput); + } + + canonical = this.getEncoder().cananicalize(sInput); + + if (checkEmpty(sContext, canonical, sInput) == null) { + return null; + } + + checkLength(sContext, canonical, sInput); + checkWhitelist(sContext, canonical, sInput); + checkBlacklist(sContext, canonical, sInput); + + return canonical; + }, + getSafe: _super.getSafe, + sanitize: function (sContext, sInput) { + return this.whitelist(sInput, org.owasp.esapi.EncoderConstants.CHAR_ALNUM); + }, + isValid: _super.isValid, + whitelist: _super.whitelist + }; }; $namespace('org.owasp.esapi.reference.validation'); -org.owasp.esapi.reference.validation.ValidationException = function( sUserMessage, sLogMessage ) { - var oException, sContext; - if ( arguments[2] && arguments[2] instanceof Exception ) { - oException = arguments[2]; - if ( arguments[3] && arguments[3] instanceof String ) { - sContext = arguments[3]; - } - } else if ( arguments[2] && arguments[2] instanceof String ) { - sContext = arguments[2]; - } - - var _super = new org.owasp.esapi.EnterpriseSecurityException( sUserMessage, sLogMessage, oException ); - - return { - setContext: function(s) { sContext = s; }, - getContext: function() { return sContext; }, - getMessage: _super.getMessage, - getUserMessage: _super.getMessage, - getLogMessage: _super.getLogMessage, - getStackTrace: _super.getStackTrace, - printStackTrace: _super.printStackTrace - }; +org.owasp.esapi.reference.validation.ValidationException = function (sUserMessage, sLogMessage) { + var oException, sContext; + if (arguments[2] && arguments[2] instanceof Exception) { + oException = arguments[2]; + if (arguments[3] && arguments[3] instanceof String) { + sContext = arguments[3]; + } + } else if (arguments[2] && arguments[2] instanceof String) { + sContext = arguments[2]; + } + + var _super = new org.owasp.esapi.EnterpriseSecurityException(sUserMessage, sLogMessage, oException); + + return { + setContext: function (s) { + sContext = s; + }, + getContext: function () { + return sContext; + }, + getMessage: _super.getMessage, + getUserMessage: _super.getMessage, + getLogMessage: _super.getLogMessage, + getStackTrace: _super.getStackTrace, + printStackTrace: _super.printStackTrace + }; }; diff --git a/fluidbook/compile/_js/fluidbook.js b/fluidbook/compile/_js/fluidbook.js index eb3141b99..1a6d93f6f 100644 --- a/fluidbook/compile/_js/fluidbook.js +++ b/fluidbook/compile/_js/fluidbook.js @@ -41,14 +41,20 @@ function getFlashvars(junk, fv) { } function parseGet(res) { - if (res == undefined) { + if (res === undefined) { res = {}; } - var couples = window.location.search.substr(1).split('&'); + + var s = window.location.search.substr(1); + if (s === "") { + return res; + } + + var couples = s.split('&'); var couple = new Array(); for (var i = 0; i < couples.length; i++) { couple = couples[i].split('='); - res[couple[0]] = $ESAPI.httpUtilities().getRequestParameter(couple[0]); + res[couple[0]] = trim($ESAPI.httpUtilities().getRequestParameter(couple[0]), "="); } return res; } @@ -67,9 +73,7 @@ function getBookmarks(id) { return getCookie('fb_bookmarks_' + id); } function setBookmarks(data, id) { - date = new Date; - date.setFullYear(date.getFullYear() + 10); - setCookie('fb_bookmarks_' + id, data, date, '/'); + setCookie('fb_bookmarks_' + id, data); } function popupFS(page) { @@ -93,24 +97,21 @@ function popupFocus(url, target) { _openedWindows[target] = openedw; } } - - - - openedw.focus(); } -function getCookieVal(offset) -{ - var endstr = document.cookie.indexOf(";", offset); - if (endstr == -1) { - endstr = document.cookie.length; - } - return unescape(document.cookie.substring(offset, endstr)); -} +/*function getCookieVal(offset) + { + var endstr = document.cookie.indexOf(";", offset); + if (endstr == -1) { + endstr = document.cookie.length; + } + return unescape(document.cookie.substring(offset, endstr)); + }*/ function getCookie(nom) { - return $ESAPI.httpUtilities().getCookie(nom); + var res = $ESAPI.httpUtilities().getCookie(nom); + return res.getValue(); /*var arg = nom + "="; var alen = arg.length; @@ -132,6 +133,8 @@ function setCookie(nom, valeur) { var cookie = new org.owasp.esapi.net.Cookie(nom, valeur); cookie.setMaxAge(10 * 365 * 24 * 3600); + cookie.setPath('/'); + cookie.setSecure(window.top.location.protocol === 'https:'); return $ESAPI.httpUtilities().addCookie(cookie); @@ -296,4 +299,54 @@ function key(e) { } return true; -} \ No newline at end of file +} +function trim(str, charlist) { + // discuss at: http://phpjs.org/functions/trim/ + // original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) + // improved by: mdsjack (http://www.mdsjack.bo.it) + // improved by: Alexander Ermolaev (http://snippets.dzone.com/user/AlexanderErmolaev) + // improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) + // improved by: Steven Levithan (http://blog.stevenlevithan.com) + // improved by: Jack + // input by: Erkekjetter + // input by: DxGx + // bugfixed by: Onno Marsman + // example 1: trim(' Kevin van Zonneveld '); + // returns 1: 'Kevin van Zonneveld' + // example 2: trim('Hello World', 'Hdle'); + // returns 2: 'o Wor' + // example 3: trim(16, 1); + // returns 3: 6 + + var whitespace, l = 0, + i = 0; + str += ''; + + if (!charlist) { + // default list + whitespace = + ' \n\r\t\f\x0b\xa0\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u200b\u2028\u2029\u3000'; + } else { + // preg_quote custom list + charlist += ''; + whitespace = charlist.replace(/([\[\]\(\)\.\?\/\*\{\}\+\$\^\:])/g, '$1'); + } + + l = str.length; + for (i = 0; i < l; i++) { + if (whitespace.indexOf(str.charAt(i)) === -1) { + str = str.substring(i); + break; + } + } + + l = str.length; + for (i = l - 1; i >= 0; i--) { + if (whitespace.indexOf(str.charAt(i)) === -1) { + str = str.substring(0, i + 1); + break; + } + } + + return whitespace.indexOf(str.charAt(0)) === -1 ? str : ''; +} diff --git a/fluidbook/compile/_js/resources/Base.esapi.properties.js b/fluidbook/compile/_js/resources/Base.esapi.properties.js index 3bbdd5576..0d331e4bf 100644 --- a/fluidbook/compile/_js/resources/Base.esapi.properties.js +++ b/fluidbook/compile/_js/resources/Base.esapi.properties.js @@ -14,55 +14,50 @@ $namespace('Base.esapi.properties'); Base.esapi.properties = { - application: { - // Change this value to reflect your application, or override it in an application scoped configuration. - Name: 'ESAPI4JS Base Application' - }, - - httputilities: { - cookies: { - ForceSecure: true - } - }, - - logging: { - Implementation: org.owasp.esapi.reference.logging.Log4JSLogFactory, - Level: org.owasp.esapi.Logger.ERROR, - // For a console that pops up in a seperate window - // Appenders: [ new ConsoleAppender(true) ], - // To log to a logging service on the server - // Appenders: [ new AjaxAppender( '/log/' ) ], - // Default to log nowhere - Appenders: [ ], - LogUrl: false, - LogApplicationName: false, - EncodingRequired: true - }, - - encoder: { - Implementation: org.owasp.esapi.reference.encoding.DefaultEncoder, - AllowMultipleEncoding: false - }, - - localization: { - StandardResourceBundle: ESAPI_Standard_en_US, - DefaultLocale: 'en-US' - }, - - validation: { - Implementation: org.owasp.esapi.reference.validation.DefaultValidator, - AccountName: '^[a-zA-Z0-9]{3,20}$', - SafeString: '[a-zA-Z0-9\\-_+]*', - Email: '^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$', - IPAddress: '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$', - URL: '^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\\'\\/\\\\\\+=&%\\$#_]*)?$', - CreditCard: '^(\\d{4}[- ]?){3}\\d{4}$', - SSN: '^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$', - HttpScheme: '^(http|https)$', - HttpServerName: '^[a-zA-Z0-9_.\\-]*$', - HttpParameterName: '^[a-zA-Z0-9_]{1,32}$', - HttpParameterValue: '^[a-zA-Z0-9.\\-\\/+=_ ]*$', - HttpCookieName: '^[a-zA-Z0-9\\-_]{1,32}$', - HttpCookieValue: '^[a-zA-Z0-9\\-\\/+=_ ]*$' - } + application: { + // Change this value to reflect your application, or override it in an application scoped configuration. + Name: 'ESAPI4JS Base Application' + }, + httputilities: { + cookies: { + ForceSecure: false + } + }, + logging: { + Implementation: org.owasp.esapi.reference.logging.Log4JSLogFactory, + Level: org.owasp.esapi.Logger.ERROR, + // For a console that pops up in a seperate window + // Appenders: [ new ConsoleAppender(true) ], + // To log to a logging service on the server + // Appenders: [ new AjaxAppender( '/log/' ) ], + // Default to log nowhere + Appenders: [], + LogUrl: false, + LogApplicationName: false, + EncodingRequired: true + }, + encoder: { + Implementation: org.owasp.esapi.reference.encoding.DefaultEncoder, + AllowMultipleEncoding: false + }, + localization: { + StandardResourceBundle: ESAPI_Standard_en_US, + DefaultLocale: 'en-US' + }, + validation: { + Implementation: org.owasp.esapi.reference.validation.DefaultValidator, + AccountName: '^[a-zA-Z0-9]{3,20}$', + SafeString: '[a-zA-Z0-9\\-_+]*', + Email: '^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$', + IPAddress: '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$', + URL: '^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\\'\\/\\\\\\+=&%\\$#_]*)?$', + CreditCard: '^(\\d{4}[- ]?){3}\\d{4}$', + SSN: '^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$', + HttpScheme: '^(http|https)$', + HttpServerName: '^[a-zA-Z0-9_.\\-]*$', + HttpParameterName: '^[a-zA-Z0-9_]{1,32}$', + HttpParameterValue: '^[a-zA-Z0-9.\\-\\/+=_ ]*$', + HttpCookieName: '^[a-zA-Z0-9\\-_]{1,32}$', + HttpCookieValue: '^[a-zA-Z0-9\\-\\/+=_ ]*$' + } }; \ No newline at end of file