Interface ExploitProtectionService
- All Known Implementing Classes:
ExploitProtectionServiceImpl
public interface ExploitProtectionService
- Author:
jfischer
Method Summary
(Modifier and Type, Method: Description)
- cleanString(String string): Detect and remove possible XSS threats from the passed-in string.
- cleanStringWithResults(String string): Detect and remove possible XSS threats from the passed-in string.
- void compareToken(String passedToken): Detect possible XSRF attacks by comparing the CSRF token included in the request against the true token for this user from the session.
- htmlDecode(String value)
Method Details

cleanString
Detect and remove possible XSS threats from the passed-in string. This includes <script> tags, and the like.
- Parameters:
string - The possibly dirty string
- Returns:
The cleansed version of the string
- Throws:
ServiceException

cleanStringWithResults
Detect and remove possible XSS threats from the passed-in string. This includes <script> tags, and the like. If an HTML, validation, or security problem is detected, an exception is thrown. This method also emits well-formed XML, which is important if using Thymeleaf to display the results.
- Parameters:
string - The possibly dirty string
- Returns:
The cleansed version of the string
- Throws:
ServiceException
compareToken
Detect possible XSRF attacks by comparing the CSRF token included in the request against the true token for this user from the session. If they differ, a ServiceException is thrown.
- Parameters:
passedToken - The CSRF token that was passed in the request
- Throws:
ServiceException
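The session-token comparison that compareToken describes, written as an added stand-alone Java example; it is not this project's implementation. The class name CsrfTokenCheck, the SESSION_KEY attribute name, the Map standing in for the user's session, and TokenMismatchException (standing in for ServiceException) are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CsrfTokenCheck {
    // Hypothetical session attribute name; a Map stands in for the per-user HTTP session.
    static final String SESSION_KEY = "csrfToken";
    private static final SecureRandom RANDOM = new SecureRandom();

    // Hypothetical exception standing in for the ServiceException the interface declares.
    static class TokenMismatchException extends Exception { TokenMismatchException(String m) { super(m); } }

    // Issue the token once per session and reuse it on later calls.
    static String getToken(Map<String, Object> session) {
        return (String) session.computeIfAbsent(SESSION_KEY, k -> {
            byte[] raw = new byte[32];
            RANDOM.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    // Compare the request's token with the session's; reject missing, empty or different values.
    static void compareToken(Map<String, Object> session, String passedToken) throws TokenMismatchException {
        Object expected = session.get(SESSION_KEY);
        if (!(expected instanceof String) || passedToken == null || passedToken.isEmpty()) {
            throw new TokenMismatchException("CSRF token missing");
        }
        byte[] a = ((String) expected).getBytes(StandardCharsets.UTF_8);
        byte[] b = passedToken.getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
        if (!MessageDigest.isEqual(a, b)) {
            throw new TokenMismatchException("CSRF token mismatch");
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();   // constructed sample session
        String token = getToken(session);
        compareToken(session, token);                    // matching token: returns normally
        try {
            compareToken(session, "forged-value");       // constructed non-matching token
        } catch (TokenMismatchException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```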
getCSRFToken
- Throws:
ServiceException

getCsrfTokenParameter
String getCsrfTokenParameter()

htmlDecode