List of usage examples for org.apache.commons.lang3 StringEscapeUtils escapeHtml4
public static final String escapeHtml4(final String input)
Escapes the characters in a String using HTML entities.
For example:
"bread" & "butter"
becomes:
&quot;bread&quot; &amp; &quot;butter&quot;.
From source file:org.uberfire.ext.security.server.XSSServletRequestWrapper.java
/**
 * Returns the named request parameter with HTML entities applied to it.
 *
 * <p>The raw value comes from the wrapped request via {@code super.getParameter(param)} and is
 * passed through {@link StringEscapeUtils#escapeHtml4(String)}; a {@code null} parameter stays
 * {@code null} because {@code escapeHtml4} returns {@code null} for {@code null} input.
 *
 * <p>Security note: escaping at the request boundary is context-unaware. {@code escapeHtml4}
 * covers HTML element content and double-quoted attribute values, but it does not escape the
 * apostrophe and does nothing for JavaScript, URL or CSS contexts, so views that place the value
 * there still need output encoding for that context. Values that are stored or compared
 * server-side are the escaped form, not what the client sent.
 *
 * <p>NOTE(review): only this accessor is visible here; confirm that {@code getParameterValues},
 * {@code getParameterMap} and header accessors are wrapped the same way, otherwise callers using
 * them receive unescaped data.
 *
 * @param param name of the request parameter
 * @return the HTML-escaped parameter value, or {@code null} if the parameter is absent
 */
@Override
public String getParameter(final String param) {
    final String rawValue = super.getParameter(param);
    return StringEscapeUtils.escapeHtml4(rawValue);
}
From source file:org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureCVE20121823UnitTest.java
/**
 * Checks that one high-risk alert is raised when a successful response body discloses PHP
 * source tags.
 *
 * <p>The stub handler serves {@code PHP_SOURCE_TAGS} HTML-entity-encoded, while the alert's
 * other-info is expected to equal the unencoded constant, so the rule under test evidently
 * reports the decoded source rather than the bytes on the wire.
 */
@Test
public void shouldAlertIfPhpSourceTagsWereDisclosedInResponseBody() throws Exception {
    // Given
    String path = "/shouldAlertIfPhpSourceTagsWereDisclosedInResponseBody/";
    nano.addHandler(
            new NanoServerHandler(path) {
                @Override
                protected Response serve(IHTTPSession session) {
                    // The disclosed source is served entity-encoded, as it would appear in a page.
                    String escapedSource = StringEscapeUtils.escapeHtml4(PHP_SOURCE_TAGS);
                    String body = "<html><body>" + escapedSource + "</body></html>";
                    return newFixedLengthResponse(body);
                }
            });
    HttpMessage request = getHttpMessage(path);
    rule.init(request, parent);

    // When
    rule.scan();

    // Then
    assertThat(alertsRaised, hasSize(1));
    Alert alert = alertsRaised.get(0);
    assertThat(alert.getEvidence(), is(equalTo("")));
    assertThat(alert.getParam(), is(equalTo("")));
    assertThat(alert.getAttack(), is(equalTo("")));
    assertThat(alert.getRisk(), is(equalTo(Alert.RISK_HIGH)));
    assertThat(alert.getConfidence(), is(equalTo(Alert.CONFIDENCE_MEDIUM)));
    assertThat(alert.getOtherInfo(), is(equalTo(PHP_SOURCE_TAGS)));
}
From source file:org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureCVE20121823UnitTest.java
/**
 * Checks that no alert is raised when the PHP source tags arrive in a response whose status is
 * {@code INTERNAL_ERROR}, and that exactly one request was sent.
 *
 * <p>The body is the same entity-encoded {@code PHP_SOURCE_TAGS} content used by the positive
 * test; only the response status differs.
 */
@Test
public void shouldNotAlertIfResponseIsNotSuccessfulEvenIfPhpSourceTagsWereDisclosedInResponseBody()
        throws Exception {
    // Given
    String path =
            "/shouldNotAlertIfResponseIsNotSuccessfulEvenIfPhpSourceTagsWereDisclosedInResponseBody/";
    nano.addHandler(
            new NanoServerHandler(path) {
                @Override
                protected Response serve(IHTTPSession session) {
                    String escapedSource = StringEscapeUtils.escapeHtml4(PHP_SOURCE_TAGS);
                    String body = "<html><body>" + escapedSource + "</body></html>";
                    // Same disclosure as the positive case, but on an error response.
                    return newFixedLengthResponse(Response.Status.INTERNAL_ERROR, "text/html", body);
                }
            });
    HttpMessage request = getHttpMessage(path);
    rule.init(request, parent);

    // When
    rule.scan();

    // Then
    assertThat(httpMessagesSent, hasSize(1));
    assertThat(alertsRaised, hasSize(0));
}
From source file:org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureCVE20121823UnitTest.java
/**
 * Checks that one high-risk alert is raised when a successful response body discloses the PHP
 * echo tag.
 *
 * <p>The stub handler serves {@code PHP_SOURCE_ECHO_TAG} HTML-entity-encoded; the alert's
 * other-info is expected to equal the unencoded constant.
 */
@Test
public void shouldAlertIfPhpEchoTagsWereDisclosedInResponseBody() throws Exception {
    // Given
    String path = "/shouldAlertIfPhpEchoTagsWereDisclosedInResponseBody/";
    nano.addHandler(
            new NanoServerHandler(path) {
                @Override
                protected Response serve(IHTTPSession session) {
                    String escapedSource = StringEscapeUtils.escapeHtml4(PHP_SOURCE_ECHO_TAG);
                    String body = "<html><body>" + escapedSource + "</body></html>";
                    return newFixedLengthResponse(body);
                }
            });
    HttpMessage request = getHttpMessage(path);
    rule.init(request, parent);

    // When
    rule.scan();

    // Then
    assertThat(alertsRaised, hasSize(1));
    Alert alert = alertsRaised.get(0);
    assertThat(alert.getEvidence(), is(equalTo("")));
    assertThat(alert.getParam(), is(equalTo("")));
    assertThat(alert.getAttack(), is(equalTo("")));
    assertThat(alert.getRisk(), is(equalTo(Alert.RISK_HIGH)));
    assertThat(alert.getConfidence(), is(equalTo(Alert.CONFIDENCE_MEDIUM)));
    assertThat(alert.getOtherInfo(), is(equalTo(PHP_SOURCE_ECHO_TAG)));
}
From source file:org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureCVE20121823UnitTest.java
/**
 * Checks that no alert is raised when the PHP echo tag arrives in a response whose status is
 * {@code INTERNAL_ERROR}, and that exactly one request was sent.
 */
@Test
public void shouldNotAlertIfResponseIsNotSuccessfulEvenIfPhpEchoTagsWereDisclosedInResponseBody()
        throws Exception {
    // Given
    String path =
            "/shouldNotAlertIfResponseIsNotSuccessfulEvenIfPhpEchoTagsWereDisclosedInResponseBody/";
    nano.addHandler(
            new NanoServerHandler(path) {
                @Override
                protected Response serve(IHTTPSession session) {
                    String escapedSource = StringEscapeUtils.escapeHtml4(PHP_SOURCE_ECHO_TAG);
                    String body = "<html><body>" + escapedSource + "</body></html>";
                    // Same disclosure as the positive case, but on an error response.
                    return newFixedLengthResponse(Response.Status.INTERNAL_ERROR, "text/html", body);
                }
            });
    HttpMessage request = getHttpMessage(path);
    rule.init(request, parent);

    // When
    rule.scan();

    // Then
    assertThat(httpMessagesSent, hasSize(1));
    assertThat(alertsRaised, hasSize(0));
}
From source file:org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureCVE20121823UnitTest.java
/**
 * Checks that, at the default alert threshold, no alert is raised for a {@code text/javascript}
 * response that carries the entity-encoded PHP echo tag inside a JavaScript comment.
 *
 * <p>This is the false-positive guard for script files; the companion test lowers the threshold
 * and expects an alert for the same content.
 */
@Test
public void shouldNotAlertIfJavaScriptFilesAtDefaultThreshold() throws Exception {
    // Given
    String path = "/shouldNotAlertIfJavaScriptFilesAtDefaultThreshold/";
    nano.addHandler(
            new NanoServerHandler(path) {
                @Override
                protected Response serve(IHTTPSession session) {
                    String escapedSource = StringEscapeUtils.escapeHtml4(PHP_SOURCE_ECHO_TAG);
                    String script = "/* javascript comment blah blah " + escapedSource + "*/";
                    Response scriptResponse =
                            newFixedLengthResponse(Response.Status.OK, "text/javascript", script);
                    // The content type is also set explicitly as a header, as in the original.
                    scriptResponse.addHeader("Content-Type", "text/javascript");
                    return scriptResponse;
                }
            });
    HttpMessage request = getHttpMessage(path, "text/javascript");
    rule.init(request, parent);

    // When
    rule.scan();

    // Then
    assertThat(alertsRaised, hasSize(0));
}
From source file:org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureCVE20121823UnitTest.java
/**
 * Checks that, once the alert threshold is set to {@code LOW}, a {@code text/javascript}
 * response carrying the entity-encoded PHP echo tag does raise one high-risk alert.
 *
 * <p>The alert's other-info is expected to equal the unencoded {@code PHP_SOURCE_ECHO_TAG}.
 */
@Test
public void shouldAlertIfJavaScriptFilesAtLowThreshold() throws Exception {
    // Given
    String path = "/shouldAlertIfJavaScriptFilesAtLowThreshold/";
    nano.addHandler(
            new NanoServerHandler(path) {
                @Override
                protected Response serve(IHTTPSession session) {
                    String escapedSource = StringEscapeUtils.escapeHtml4(PHP_SOURCE_ECHO_TAG);
                    String script = "/* javascript comment blah blah " + escapedSource + "*/";
                    return newFixedLengthResponse(Response.Status.OK, "text/javascript", script);
                }
            });
    HttpMessage request = getHttpMessage(path, "text/javascript");
    rule.init(request, parent);
    // Lowering the threshold is what makes script responses eligible for an alert here.
    rule.setAlertThreshold(AlertThreshold.LOW);

    // When
    rule.scan();

    // Then
    assertThat(alertsRaised, hasSize(1));
    Alert alert = alertsRaised.get(0);
    assertThat(alert.getEvidence(), is(equalTo("")));
    assertThat(alert.getParam(), is(equalTo("")));
    assertThat(alert.getAttack(), is(equalTo("")));
    assertThat(alert.getRisk(), is(equalTo(Alert.RISK_HIGH)));
    assertThat(alert.getConfidence(), is(equalTo(Alert.CONFIDENCE_MEDIUM)));
    assertThat(alert.getOtherInfo(), is(equalTo(PHP_SOURCE_ECHO_TAG)));
}
From source file:pandroid.agent.PandroidAgentListener.java
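/**
 * Builds the agent report as an XML string from the values stored under "PANDROID_DATA".
 *
 * <p>The document consists of an XML declaration, one {@code <agent_data>} element whose
 * attributes describe the device and agent, and one module fragment per enabled report
 * (produced by {@code buildmoduleXML} / {@code buildInventoryXML}).
 *
 * <p>Security note: the document is assembled by string concatenation, so every value placed in
 * an attribute has to be escaped for XML. The agent name is a free-form string and is now
 * escaped before it is written into the single-quoted {@code agent_name} attribute; previously a
 * quote, ampersand or angle bracket in the name produced malformed XML or extra attributes.
 *
 * @return the complete XML report
 */
private String buildXML() {
    StringBuilder xml = new StringBuilder();
    String gpsData = "";

    xml.append("<?xml version='1.0' encoding='UTF-8'?>\n");

    String latitude = getSharedData("PANDROID_DATA", "latitude", "181", "float");
    String longitude = getSharedData("PANDROID_DATA", "longitude", "181", "float");

    // "181.0" is presumably the stored "no position" placeholder (default "181" read back as a
    // float); the GPS attributes are emitted only when both coordinates differ from it.
    if (!latitude.equals("181.0") && !longitude.equals("181.0")) {
        gpsData = " latitude='" + latitude + "' longitude='" + longitude + "'";
    }

    String interval =
            getSharedData("PANDROID_DATA", "interval", Integer.toString(Core.defaultInterval), "integer");
    String agentName = getSharedData("PANDROID_DATA", "agentName", Core.defaultAgentName, "string");

    // Escape the five XML special characters (including the apostrophe that delimits the
    // attribute). escapeHtml4 is not suitable here: it leaves the apostrophe untouched and emits
    // HTML-only named entities. escapeXml is used because it exists in every commons-lang3 3.x
    // release; on 3.3+ escapeXml10 is the non-deprecated equivalent.
    String agentNameAttr = StringEscapeUtils.escapeXml(agentName);

    xml.append("<agent_data " + "description='' group='' os_name='android' os_version='"
            + Build.VERSION.RELEASE + "' " + "interval='" + interval + "' version='4.0(Build 111012)' "
            + "timestamp='" + getHumanDateTime(-1) + "' agent_name='" + agentNameAttr + "' "
            + "timezone_offset='0'" + gpsData + ">\n");

    //                                                                //
    //                              MODULES                           //
    //                                                                //

    // String orientation = getSharedData("PANDROID_DATA", "orientation", "361", "float");
    // String proximity = getSharedData("PANDROID_DATA", "proximity", "-1.0", "float");
    String batteryLevel = getSharedData("PANDROID_DATA", "batteryLevel", "-1", "integer");
    String taskStatus = getSharedData("PANDROID_DATA", "taskStatus", "disabled", "string");
    String taskRun = getSharedData("PANDROID_DATA", "taskRun", "false", "string");
    String taskHumanName = getSharedData("PANDROID_DATA", "taskHumanName", "", "string");
    // NOTE(review): HTML escaping is applied to a value that ends up in an XML document. Named
    // HTML entities are not defined in XML; whether that matters depends on how buildmoduleXML
    // wraps its data argument, which is not visible here - confirm.
    taskHumanName = StringEscapeUtils.escapeHtml4(taskHumanName);
    String task = getSharedData("PANDROID_DATA", "task", "", "string");
    String memoryStatus = getSharedData("PANDROID_DATA", "memoryStatus", Core.defaultMemoryStatus, "string");
    String availableRamKb = getSharedData("PANDROID_DATA", "availableRamKb", "0", "long");
    String totalRamKb = getSharedData("PANDROID_DATA", "totalRamKb", "0", "long");
    String upTime = getSharedData("PANDROID_DATA", "upTime", "" + Core.defaultUpTime, "long");
    String helloSignal = getSharedData("PANDROID_DATA", "helloSignal", "" + Core.defaultHelloSignal, "integer");

    String SimID = getSharedData("PANDROID_DATA", "simID", Core.defaultSimID, "string");
    String networkOperator =
            getSharedData("PANDROID_DATA", "networkOperator", Core.defaultNetworkOperator, "string");
    String networkType = getSharedData("PANDROID_DATA", "networkType", Core.defaultNetworkType, "string");
    // NOTE(review): phoneType is read from the "networkType" key with the network-type default,
    // so the "phoneType" module reports the network type. This looks like a copy-paste slip; the
    // intended key and default are not visible here, so the behaviour is left unchanged.
    String phoneType = getSharedData("PANDROID_DATA", "networkType", Core.defaultNetworkType, "string");
    String signalStrength =
            getSharedData("PANDROID_DATA", "signalStrength", "" + Core.defaultSignalStrength, "integer");
    String SMSReceived = getSharedData("PANDROID_DATA", "SMSReceived", "" + Core.defaultSMSReceived, "integer");
    String SMSSent = getSharedData("PANDROID_DATA", "SMSSent", "" + Core.defaultSMSSent, "integer");
    String incomingCalls =
            getSharedData("PANDROID_DATA", "incomingCalls", "" + Core.defaultIncomingCalls, "integer");
    String missedCalls = getSharedData("PANDROID_DATA", "missedCalls", "" + Core.defaultMissedCalls, "integer");
    String outgoingCalls =
            getSharedData("PANDROID_DATA", "outgoingCalls", "" + Core.defaultOutgoingCalls, "integer");
    String receiveBytes = getSharedData("PANDROID_DATA", "receiveBytes", "" + Core.defaultReceiveBytes, "long");
    String transmitBytes =
            getSharedData("PANDROID_DATA", "transmitBytes", "" + Core.defaultTransmitBytes, "long");
    String roaming = getSharedData("PANDROID_DATA", "roaming", "" + Core.defaultRoaming, "integer");

    // Per-module switches: a module is emitted only when its switch holds "enabled".
    String simIDReport = getSharedData("PANDROID_DATA", "simIDReport", Core.defaultSimIDReport, "string");
    String DeviceUpTimeReport =
            getSharedData("PANDROID_DATA", "DeviceUpTimeReport", Core.defaultDeviceUpTimeReport, "string");
    String NetworkOperatorReport =
            getSharedData("PANDROID_DATA", "NetworkOperatorReport", Core.defaultNetworkOperatorReport, "string");
    String NetworkTypeReport =
            getSharedData("PANDROID_DATA", "NetworkTypeReport", Core.defaultNetworkTypeReport, "string");
    String PhoneTypeReport =
            getSharedData("PANDROID_DATA", "PhoneTypeReport", Core.defaultPhoneTypeReport, "string");
    String SignalStrengthReport =
            getSharedData("PANDROID_DATA", "SignalStrengthReport", Core.defaultSignalStrengthReport, "string");
    String ReceivedSMSReport =
            getSharedData("PANDROID_DATA", "ReceivedSMSReport", Core.defaultReceivedSMSReport, "string");
    String SentSMSReport = getSharedData("PANDROID_DATA", "SentSMSReport", Core.defaultSentSMSReport, "string");
    String IncomingCallsReport =
            getSharedData("PANDROID_DATA", "IncomingCallsReport", Core.defaultIncomingCallsReport, "string");
    String MissedCallsReport =
            getSharedData("PANDROID_DATA", "MissedCallsReport", Core.defaultMissedCallsReport, "string");
    String OutgoingCallsReport =
            getSharedData("PANDROID_DATA", "OutgoingCallsReport", Core.defaultOutgoingCallsReport, "string");
    String BytesReceivedReport =
            getSharedData("PANDROID_DATA", "BytesReceivedReport", Core.defaultBytesReceivedReport, "string");
    String BytesSentReport =
            getSharedData("PANDROID_DATA", "BytesSentReport", Core.defaultBytesSentReport, "string");
    String HelloSignalReport =
            getSharedData("PANDROID_DATA", "HelloSignalReport", Core.defaultHelloSignalReport, "string");
    String BatteryLevelReport =
            getSharedData("PANDROID_DATA", "BatteryLevelReport", Core.defaultBatteryLevelReport, "string");
    String RoamingReport = getSharedData("PANDROID_DATA", "RoamingReport", Core.defaultRoamingReport, "string");
    String InventoryReport =
            getSharedData("PANDROID_DATA", "InventoryReport", Core.defaultInventoryReport, "string");

    if (InventoryReport.equals("enabled")) {
        xml.append(buildInventoryXML());
    }

    if (BatteryLevelReport.equals("enabled")) {
        xml.append(buildmoduleXML("battery_level", "The current Battery level", "generic_data", batteryLevel));
    }

    // if(!orientation.equals("361.0")) {
    //     buffer += buildmoduleXML("orientation", "The actually device orientation (in degrees)", "generic_data", orientation);
    // }
    //
    // if(!proximity.equals("-1.0")) {
    //     buffer += buildmoduleXML("proximity", "The actually device proximity detector (0/1)", "generic_data", proximity);
    // }

    if (taskStatus.equals("enabled")) {
        xml.append(buildmoduleXML("taskHumanName", "The task's human name.", "async_string", taskHumanName));
        xml.append(buildmoduleXML("task", "The task's package name.", "async_string", task));
        if (taskRun.equals("true")) {
            xml.append(buildmoduleXML("taskRun", "The task is running.", "async_proc", "1"));
        } else {
            xml.append(buildmoduleXML("taskRun", "The task is running.", "async_proc", "0"));
        }
    }

    if (memoryStatus.equals("enabled")) {
        // Same arithmetic as before (float division, scaled in double, narrowed to float) without
        // the deprecated boxed Float constructor.
        // NOTE(review): both values default to "0", in which case the ratio is NaN and that is
        // what gets formatted and reported - confirm whether the module should be skipped then.
        float ratio = Float.parseFloat(availableRamKb) / Float.parseFloat(totalRamKb);
        float freePercent = (float) (ratio * 100.0);
        DecimalFormat formatPercent = new DecimalFormat("#.##");
        xml.append(buildmoduleXML("freeRamMemory", "The percentage of available ram.", "generic_data",
                formatPercent.format((double) freePercent)));
    }

    //buffer += buildmoduleXML("last_gps_contact", "Datetime of the last geo-location contact", "generic_data", lastGpsContactDateTime);

    if (DeviceUpTimeReport.equals("enabled")) {
        xml.append(buildmoduleXML("upTime", "Total device uptime in seconds.", "generic_data", upTime));
    }
    if (HelloSignalReport.equals("enabled")) {
        xml.append(buildmoduleXML("helloSignal", "Hello Signal", "generic_data", helloSignal));
    }

    if (Core.hasSim) {
        if (simIDReport.equals("enabled")) {
            xml.append(buildmoduleXML("simID", "The Sim ID.", "generic_data_string", SimID));
        }
        if (NetworkOperatorReport.equals("enabled")) {
            xml.append(buildmoduleXML("networkOperator", "Currently registered network operator",
                    "generic_data_string", networkOperator));
        }
        if (NetworkTypeReport.equals("enabled")) {
            xml.append(buildmoduleXML("networkType", "Current network type", "generic_data_string", networkType));
        }
        if (PhoneTypeReport.equals("enabled")) {
            xml.append(buildmoduleXML("phoneType", "Phone type", "generic_data_string", phoneType));
        }
        if (SignalStrengthReport.equals("enabled")) {
            xml.append(buildmoduleXML("signalStrength", "Signal strength (dB)", "generic_data_string",
                    signalStrength));
        }
        if (ReceivedSMSReport.equals("enabled")) {
            xml.append(buildmoduleXML("SMSReceived", "Number of SMS received", "generic_data", SMSReceived));
        }
        if (SentSMSReport.equals("enabled")) {
            xml.append(buildmoduleXML("SMSSent", "Number of SMS sent", "generic_data", SMSSent));
        }
        if (IncomingCallsReport.equals("enabled")) {
            xml.append(buildmoduleXML("incomingCalls", "Incoming calls", "generic_data", incomingCalls));
        }
        if (MissedCallsReport.equals("enabled")) {
            xml.append(buildmoduleXML("missedCalls", "Missed calls", "generic_data", missedCalls));
        }
        if (OutgoingCallsReport.equals("enabled")) {
            xml.append(buildmoduleXML("outgoingCalls", "Outgoing calls", "generic_data", outgoingCalls));
        }
        if (BytesReceivedReport.equals("enabled")) {
            xml.append(buildmoduleXML("receiveBytes", "Bytes received(mobile)", "generic_data", receiveBytes));
        }
        if (BytesSentReport.equals("enabled")) {
            xml.append(buildmoduleXML("transmitBytes", "Bytes transmitted(mobile)", "generic_data", transmitBytes));
        }
        if (RoamingReport.equals("enabled")) {
            xml.append(buildmoduleXML("roaming", "Device is roaming", "generic_data", roaming));
        }
    } // end if sim card

    xml.append("</agent_data>");

    return xml.toString();
}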
From source file:password.pwm.util.java.StringUtil.java
/**
 * Escapes a string for inclusion in HTML by delegating to
 * {@link StringEscapeUtils#escapeHtml4(String)}.
 *
 * <p>The result is suitable for HTML element content and double-quoted attribute values.
 * {@code escapeHtml4} does not escape the apostrophe, so the output must not be placed in a
 * single-quoted attribute, and it provides no protection in JavaScript, URL or CSS contexts.
 *
 * @param input text to escape; may be {@code null}
 * @return the escaped text, or {@code null} when {@code input} is {@code null}
 */
public static String escapeHtml(final String input) {
    final String escaped = StringEscapeUtils.escapeHtml4(input);
    return escaped;
}
From source file:pl.kotcrab.arget.gui.session.msg.TextMessage.java
/**
 * Turns the raw text of a chat message into the HTML fragment that is displayed.
 *
 * <p>The text is split into whitespace-separated tokens, each token is HTML-escaped, tokens that
 * parse as a {@link URL} are wrapped in an anchor, and finally the bold and emphasis markers are
 * converted through {@code markdownReplace}.
 *
 * <p>Security note: escaping happens before anything is written into markup, and the anchor's
 * {@code href} is built from the already-escaped token, so a double quote in the token cannot
 * close the attribute. Which schemes become clickable is decided only by what
 * {@code java.net.URL} accepts; no allow-list of schemes is applied here.
 *
 * @param text message text as typed by the sender
 * @return HTML fragment for the message
 */
private String processText(String text) {
    // A single whitespace character that is not followed by more whitespace is the separator,
    // so runs of two or more spaces are preserved inside the tokens.
    String[] tokens = text.split("\\s{1}(?!\\s)");
    StringBuilder html = new StringBuilder();

    for (String token : tokens) {
        String escaped = StringEscapeUtils.escapeHtml4(token);
        try {
            // First parse decides whether the token is treated as a link at all.
            URL link = new URL(escaped);
            // NOTE(review): as shown on this page both replacements map a character to itself.
            // The replacement literals were presumably character references that the page
            // rendering decoded (which would keep the markers in links away from the emphasis
            // pass below) - confirm against the upstream source.
            escaped = escaped.replaceAll("_", "_");
            escaped = escaped.replaceAll("\\*", "*");
            link = new URL(escaped);
            html.append("<a href=\"").append(link).append("\">").append(link).append("</a> ");
        } catch (MalformedURLException e) {
            // Not a URL: emit the escaped token as plain text.
            html.append(escaped).append(" ");
        }
    }

    // NOTE(review): this replace also looks like a rendering artifact (its operands are identical
    // as shown); reproduced as found.
    String rendered = html.toString().replace(" ", " ");
    rendered = markdownReplace(rendered, "**", "\\*\\*", "<b>", "</b>");
    rendered = markdownReplace(rendered, "__", "__", "<em>", "</em>");
    return rendered;
}