TYPO3 CMS 9.5
TYPO3\CMS\Core\Encoder\JavaScriptEncoder Class Reference
Inheritance diagram for TYPO3\CMS\Core\Encoder\JavaScriptEncoder:
TYPO3\CMS\Core\SingletonInterface

Public Member Functions

 __construct ()
 
string encode ($input)
 

Protected Member Functions

string encodeCharacter ($character)
 
bool isImmuneCharacter ($character)
 
string getHexForNonAlphanumeric ($ordinalValue)
 

Protected Attributes

array $hexMatrix = array( )
 
array $immuneCharacters = array( ',', '.', '_' )
 
TYPO3\CMS\Core\Charset\CharsetConverter $charsetConversion
 

Detailed Description

Adopted from OWASP Enterprise Security API (ESAPI) reference implementation for the JavaScript Codec. Original Author: Mike Boberski

This class provides encoding for user input that is intended to be used in a JavaScript context. It encodes all characters except alphanumeric characters and the immune characters to a hex representation.

Definition at line 27 of file JavaScriptEncoder.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::__construct ( )

Populates the $hexMatrix map of non-alphanumeric single-byte characters.

Alphanumeric characters are set to NULL in the matrix.

Deprecated:
since TYPO3 v9.3, will be removed in TYPO3 v10.0

Definition at line 54 of file JavaScriptEncoder.php.

Member Function Documentation

◆ encode()

string TYPO3\CMS\Core\Encoder\JavaScriptEncoder::encode (   $input)

Encodes a string for JavaScript.

Parameters
string $input: The string to encode, may be empty.
Returns
string: The encoded string.

Definition at line 73 of file JavaScriptEncoder.php.

References TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

◆ encodeCharacter()

string TYPO3\CMS\Core\Encoder\JavaScriptEncoder::encodeCharacter (   $character)
protected

Returns backslash encoded numeric format. Does not use backslash character escapes such as \" or \' as these may cause parsing problems. For example, if a JavaScript attribute, such as onmouseover, contains a \", that will close the entire attribute and allow an attacker to inject another script attribute.

Parameters
string $character: utf-8 character that needs to be encoded
Returns
string: encoded character

Definition at line 94 of file JavaScriptEncoder.php.

References TYPO3\CMS\Core\Encoder\JavaScriptEncoder\getHexForNonAlphanumeric(), and TYPO3\CMS\Core\Encoder\JavaScriptEncoder\isImmuneCharacter().

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encode().
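
The scheme described above, as an added stand-alone PHP sketch (not TYPO3's own code). The function name encodeForJavaScript, the \xHH / \uHHHH output format (the one used by the ESAPI JavaScript codec this class is adopted from) and the surrogate-pair handling for code points above U+FFFF are assumptions of this example; the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 source code.
// Immune set copied from $immuneCharacters on this page.
const IMMUNE_CHARACTERS = [',', '.', '_'];

/**
 * Hypothetical helper: alphanumerics and immune characters pass through,
 * every other character becomes a backslash-hex escape (assumed format).
 */
function encodeForJavaScript(string $input): string
{
    // Split into UTF-8 characters rather than bytes; false means invalid UTF-8.
    $characters = preg_split('//u', $input, -1, PREG_SPLIT_NO_EMPTY);
    if ($characters === false) {
        throw new InvalidArgumentException('Input is not valid UTF-8');
    }
    $output = '';
    foreach ($characters as $character) {
        $ordinal = mb_ord($character, 'UTF-8');
        if (in_array($character, IMMUNE_CHARACTERS, true)
            || preg_match('/^[A-Za-z0-9]$/D', $character) === 1) {
            $output .= $character;
        } elseif ($ordinal < 0x100) {
            $output .= sprintf('\\x%02X', $ordinal);
        } elseif ($ordinal < 0x10000) {
            $output .= sprintf('\\u%04X', $ordinal);
        } else {
            // Above the BMP: JavaScript \uHHHH takes four digits, so emit a surrogate pair.
            $offset = $ordinal - 0x10000;
            $output .= sprintf('\\u%04X\\u%04X', 0xD800 | ($offset >> 10), 0xDC00 | ($offset & 0x3FF));
        }
    }
    return $output;
}

// Constructed sample: a display name carrying quotes and a closing script tag.
$userInput = 'Tom "T" O\'Neil </script>';
// Quotes, apostrophe, space, <, / and > are all emitted as \xHH, so the value
// cannot terminate the surrounding string literal, attribute or script block.
echo 'var name = "' . encodeForJavaScript($userInput) . '";', PHP_EOL;
```

The output is only safe inside a JavaScript string literal; it is not a substitute for HTML attribute or URL encoding in other contexts.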

◆ getHexForNonAlphanumeric()

string TYPO3\CMS\Core\Encoder\JavaScriptEncoder::getHexForNonAlphanumeric (   $ordinalValue)
protected

Returns the ordinal value as a hex string of any character that is not a single-byte alphanumeric. The character should be supplied as a string in the utf-8 character encoding. If the character is an alphanumeric character with ordinal value below 255, then this method will return NULL.

Parameters
int $ordinalValue: Ordinal value of the character
Returns
string: hexadecimal ordinal value of non-alphanumeric characters or NULL otherwise.

Definition at line 136 of file JavaScriptEncoder.php.

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

◆ isImmuneCharacter()

bool TYPO3\CMS\Core\Encoder\JavaScriptEncoder::isImmuneCharacter (   $character)
protected

Checks if the given character is one of the immune characters.

Parameters
string $character: utf-8 character to search for, must not be empty
Returns
bool: TRUE if character is immune, FALSE otherwise

Definition at line 121 of file JavaScriptEncoder.php.

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

Member Data Documentation

◆ $charsetConversion

TYPO3\CMS\Core\Charset\CharsetConverter TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$charsetConversion
protected

TYPO3 charset encoding object

Definition at line 46 of file JavaScriptEncoder.php.

◆ $hexMatrix

array TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$hexMatrix = array( )
protected

A map where the keys are ordinal values of non-alphanumeric single-byte characters and the values are hexadecimal equivalents as strings.

Definition at line 34 of file JavaScriptEncoder.php.

◆ $immuneCharacters

array TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$immuneCharacters = array( ',', '.', '_' )
protected

Characters that are immune (not dangerous) in the JavaScript context

Definition at line 40 of file JavaScriptEncoder.php.