XSS JSP Functions

Available since version 1.3.0

Purpose

Provide simple JSP EL functions for XSS protection using the XSSAPI service provided by AEM.

Usage

First, add the taglib declaration:

<%@ taglib prefix="xss" uri="http://www.adobe.com/consulting/acs-aem-commons/xss" %>

Functions

  • xss:encodeForHTML(XSSAPI, String)
  • xss:encodeForHTMLAttr(XSSAPI, String)
  • xss:encodeForJSString(XSSAPI, String)
  • xss:filterHTML(XSSAPI, String)
  • xss:getValidDimension(XSSAPI, String, String)
  • xss:getValidHref(XSSAPI, String)
  • xss:getValidInteger(XSSAPI, String, int)
  • xss:getValidJSToken(XSSAPI, String, String)

See the XSSAPI JavaDoc for more details on each function. Also see the XSS Cheat Sheet.

Example

<%@include file="/libs/foundation/global.jsp"%><%
%><%@ taglib prefix="xss" uri="http://www.adobe.com/consulting/acs-aem-commons/xss" %>
${xss:encodeForHTMLAttr(xssAPI, 'hi"')}
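
The following is an added example, not part of the ACS AEM Commons documentation, that pairs each function with the output context it is meant for. The property names read from `properties` (title, width, linkURL, text, trackingLabel, columns) and the default values are assumed for illustration; `xssAPI` and `properties` are the objects exposed by the included global.jsp.

```jsp
<%@include file="/libs/foundation/global.jsp"%><%
%><%@ taglib prefix="xss" uri="http://www.adobe.com/consulting/acs-aem-commons/xss" %>
<%-- Property names and defaults below are assumptions for this example. --%>

<%-- HTML element content: encode so stored markup is rendered as text.
     A bare ${properties.title} would be written to the page verbatim. --%>
<h2>${xss:encodeForHTML(xssAPI, properties.title)}</h2>

<%-- HTML attribute values: use the attribute encoder, not encodeForHTML.
     getValidDimension returns the default ('300') when the stored value
     is empty, cannot be parsed, or is not a valid dimension. --%>
<div title="${xss:encodeForHTMLAttr(xssAPI, properties.title)}"
     style="width: ${xss:getValidDimension(xssAPI, properties.width, '300')}px">

    <%-- URLs placed in href: validate the whole value rather than encoding it. --%>
    <a href="${xss:getValidHref(xssAPI, properties.linkURL)}">
        ${xss:encodeForHTML(xssAPI, properties.title)}
    </a>

    <%-- Authored rich text that must keep its markup: filter it instead of
         encoding it, so permitted tags survive and the rest is removed. --%>
    <div class="text">${xss:filterHTML(xssAPI, properties.text)}</div>
</div>

<script>
    // JavaScript string literal: the encoder output goes inside the quotes.
    var trackingLabel = "${xss:encodeForJSString(xssAPI, properties.trackingLabel)}";

    // Numeric value: falls back to 3 when the property is not a valid integer.
    var columns = ${xss:getValidInteger(xssAPI, properties.columns, 3)};
</script>
```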
Please report any issues with the Feature or documentation on the ACS AEM Commons GitHub Issue tracker.