XSS JSP Functions
Deprecated. Available since version 1.3.0
Why is this deprecated?
Since AEM 6.0, HTL (which applies XSS protection automatically) is preferred over JSP, so this feature, which directly supports the use of JSPs, is deprecated.
Purpose
Provide simple JSP EL functions for XSS protection using the XSSAPI service provided by AEM.
Usage
First, add the taglib declaration:
<%@ taglib prefix="xss" uri="http://www.adobe.com/consulting/acs-aem-commons/xss" %>
Functions
xss:encodeForHTML(XSSAPI, String)
xss:encodeForHTMLAttr(XSSAPI, String)
xss:encodeForJSString(XSSAPI, String)
xss:filterHTML(XSSAPI, String)
xss:getValidDimension(XSSAPI, String, String)
xss:getValidHref(XSSAPI, String)
xss:getValidInteger(XSSAPI, String, int)
xss:getValidJSToken(XSSAPI, String, String)
See JavaDoc of XSSAPI for more details. Also see the XSS Cheat Sheet.
Example
<%@include file="/libs/foundation/global.jsp"%><%
%><%@ taglib prefix="xss" uri="http://www.adobe.com/consulting/acs-aem-commons/xss" %>
${xss:encodeForHTMLAttr(xssAPI, 'hi"')}
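The following is an added example, not part of the original page or the ACS AEM Commons project. It shows one component JSP choosing the function that matches each output context. The property names (title, linkURL, richText, columns) are assumptions made up for the illustration; xssAPI and properties are the objects supplied by global.jsp.

```jsp
<%@include file="/libs/foundation/global.jsp"%><%
%><%@ taglib prefix="xss" uri="http://www.adobe.com/consulting/acs-aem-commons/xss" %>
<%-- Property names below are constructed for this example. --%>

<%-- HTML text node: encode so markup in the value is rendered as text --%>
<h2>${xss:encodeForHTML(xssAPI, properties.title)}</h2>

<%-- href and a quoted attribute value: validate the URL, encode the attribute text --%>
<a href="${xss:getValidHref(xssAPI, properties.linkURL)}"
   title="${xss:encodeForHTMLAttr(xssAPI, properties.title)}">
    ${xss:encodeForHTML(xssAPI, properties.title)}
</a>

<%-- Authored rich text: filter instead of encode, so permitted markup
     survives and anything outside the filter policy is removed --%>
<div class="text">${xss:filterHTML(xssAPI, properties.richText)}</div>

<script>
    // JavaScript string literal: the quotes are written in the template,
    // the value between them is encoded for a JS string.
    var title = "${xss:encodeForJSString(xssAPI, properties.title)}";

    // Numeric value: falls back to the default (3) when the stored
    // value is not a valid integer.
    var columns = ${xss:getValidInteger(xssAPI, properties.columns, 3)};
</script>
```

Using a function outside its context (for example encodeForHTML inside the script block) does not give the same protection, since each encoder escapes only the characters that are significant in its own context.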