How to get the XSSAPI Service?
<%@ include file="/libs/foundation/global.jsp" %>
<title><%= xssAPI.encodeForHTML(title) %></title>
JSP
import org.apache.sling.xss.XSSAPI;
public class MyClass {
    private void myFunction(ResourceResolver resourceResolver) {
        XSSAPI xssAPI = resourceResolver.adaptTo(XSSAPI.class);
    }
}
Java
import org.apache.sling.xss.XSSAPI;
@Reference
private XSSAPI xssAPI;
Java component
// Filter a string using the AntiSamy library to allow certain tags
public String filterHTML(String source);
// Use one of these to get an XSSAPI suitable for validating URLs
public XSSAPI getRequestSpecificAPI(SlingHttpServletRequest request);
public XSSAPI getResourceResolverSpecificAPI(ResourceResolver resolver);
Filters
JCR based URL mapping
// Encode string to use inside an HTML tag
public String encodeForHTML(String source);
// Encode string to use inside an HTML attribute
public String encodeForHTMLAttr(String source);
// Encode string to use inside an XML tag
public String encodeForXML(String source);
// Encode string to use inside an XML attribute
public String encodeForXMLAttr(String source);
// Encode string to use as a JavaScript string
public String encodeForJSString(String source);
// Encode string to use as a CSS string
public String encodeForCSSString(String source);
Encoders (excerpt)
// Get a valid dimension (e.g. an image width parameter)
public String getValidDimension(String dimension, String defaultValue);
// Get a valid URL (needs the request- or resource-resolver-specific API, see below)
public String getValidHref(String url);
// Get a valid integer from a string
public Integer getValidInteger(String integer, int defaultValue);
// Get a valid long from a string
public Long getValidLong(String source, long defaultValue);
// Validate a JavaScript token.
// The value must be either a single identifier, a literal number, or a literal string.
public String getValidJSToken(String token, String defaultValue);
Validators (excerpt)
XSSAPI: Methods
© 2016 Adobe Systems, Incorporated. Adobe Confidential.
Filters potentially user-contributed HTML to meet the AntiSamy policy rules currently in effect for
HTML output (see the XSSFilter service for details).
Taglib
<cq:text property="jcr:title" tagName="h2" escapeXml="true"/>
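The following is an added example, not part of the original sheet or of Adobe's code: it applies the encoder, validator and filter that match each output context to untrusted request parameters. The class name, package, parameter names and the trackTeaser JavaScript function are assumptions; the XSSAPI calls are the ones listed on this sheet.

```java
package com.example.xss; // hypothetical package name

import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.xss.XSSAPI;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

// Hypothetical component: renders a teaser fragment from untrusted parameters.
@Component(service = TeaserRenderer.class)
public class TeaserRenderer {

    @Reference
    private XSSAPI xssAPI;

    public String render(SlingHttpServletRequest request) {
        // Untrusted input; the parameter names are assumptions for this example.
        String title = param(request, "title");
        String link = param(request, "link");
        String body = param(request, "body");
        String width = param(request, "width");

        // getValidHref needs the request-specific API, as the sheet notes.
        XSSAPI requestXss = xssAPI.getRequestSpecificAPI(request);

        StringBuilder out = new StringBuilder();
        // URL in an href attribute: validate it instead of only encoding it.
        out.append("<a href=\"").append(requestXss.getValidHref(link)).append("\"");
        // Plain text inside an attribute value: attribute encoder.
        out.append(" title=\"").append(xssAPI.encodeForHTMLAttr(title)).append("\">");
        // Plain text between tags: HTML encoder.
        out.append(xssAPI.encodeForHTML(title)).append("</a>");
        // Numeric attribute: validator with a default (300 is an arbitrary choice).
        out.append("<div style=\"width:")
           .append(xssAPI.getValidInteger(width, 300)).append("px\">");
        // Rich text that may keep some markup: AntiSamy filter, not an encoder.
        out.append(xssAPI.filterHTML(body)).append("</div>");
        // Value placed inside a quoted JavaScript string literal.
        out.append("<script>trackTeaser(\"")
           .append(xssAPI.encodeForJSString(title)).append("\");</script>");
        return out.toString();
    }

    // Treat a missing parameter as empty so null never reaches the output.
    private static String param(SlingHttpServletRequest request, String name) {
        String value = request.getParameter(name);
        return value == null ? "" : value;
    }
}
```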