TYPO3 CMS  TYPO3_6-2
TYPO3\CMS\Core\Encoder\JavaScriptEncoder Class Reference
Inheritance diagram for TYPO3\CMS\Core\Encoder\JavaScriptEncoder:
TYPO3\CMS\Core\SingletonInterface t3lib_codec_JavaScriptEncoder

Public Member Functions

 __construct ()
 
 encode ($input)
 

Protected Member Functions

 encodeCharacter ($character)
 
 isImmuneCharacter ($character)
 
 getHexForNonAlphanumeric ($ordinalValue)
 

Protected Attributes

 $hexMatrix = array()
 
 $immuneCharacters = array(',', '.', '_')
 
 $charsetConversion = NULL
 

Detailed Description

This file is part of the TYPO3 CMS project.

It is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, either version 2 of the License, or any later version.

For the full copyright and license information, please read the LICENSE.txt file that was distributed with this source code.

The TYPO3 project - inspiring people to share!

Adopted from the OWASP Enterprise Security API (ESAPI) reference implementation for the JavaScript Codec. Original Author: Mike Boberski

This class provides encoding for user input that is intended to be used in a JavaScript context. It encodes all characters except alphanumeric characters and the immune characters to a hex representation.

Author
Mike Boberski
Franz G. Jahn
Helmut Hummel

Definition at line 29 of file JavaScriptEncoder.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::__construct ( )

Populates the $hexMatrix map of non-alphanumeric single-byte characters.

Alphanumeric characters are set to NULL in the matrix.

Definition at line 58 of file JavaScriptEncoder.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance().

Member Function Documentation

◆ encode()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::encode (   $input)

Encodes a string for JavaScript.

Parameters
string $input: The string to encode, may be empty.
Returns
string The encoded string.

Definition at line 75 of file JavaScriptEncoder.php.

References TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

◆ encodeCharacter()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::encodeCharacter (   $character)
protected

Returns backslash encoded numeric format. Does not use backslash character escapes such as \" or \', as these may cause parsing problems. For example, if a JavaScript attribute, such as onmouseover, contains a ", that will close the entire attribute and allow an attacker to inject another script attribute.

Parameters
string $character: UTF-8 character that needs to be encoded
Returns
string encoded character

Definition at line 95 of file JavaScriptEncoder.php.

References TYPO3\CMS\Core\Encoder\JavaScriptEncoder\getHexForNonAlphanumeric(), and TYPO3\CMS\Core\Encoder\JavaScriptEncoder\isImmuneCharacter().

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encode().
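
The behaviour described for encode() and encodeCharacter(), as an added PHP sketch that is not the TYPO3 source. The `sketch*` names are hypothetical, and the `\xHH` (code points below 256) and `\uHHHH` output forms are an assumption, since this page only says "hex representation".

```php
<?php
// Added illustration, not the TYPO3 source. All sketch* names are hypothetical.
// Requires PHP >= 7.2 with mbstring (for mb_ord).

// Same immune list as $immuneCharacters documented on this page.
const SKETCH_IMMUNE = [',', '.', '_'];

/** Encode one UTF-8 character. The \xHH and \uHHHH output forms are assumed. */
function sketchEncodeCharacter(string $character): string
{
    // Immune characters and ASCII alphanumerics pass through unchanged.
    if (in_array($character, SKETCH_IMMUNE, true)
        || preg_match('/^[A-Za-z0-9]$/D', $character) === 1) {
        return $character;
    }
    $ordinal = mb_ord($character, 'UTF-8');
    if ($ordinal < 0x100) {
        return sprintf('\\x%02X', $ordinal);
    }
    if ($ordinal > 0xFFFF) {
        // JavaScript \u escapes are 16-bit: emit a UTF-16 surrogate pair.
        $ordinal -= 0x10000;
        return sprintf('\\u%04X\\u%04X', 0xD800 | ($ordinal >> 10), 0xDC00 | ($ordinal & 0x3FF));
    }
    return sprintf('\\u%04X', $ordinal);
}

/** Encode a whole string; invalid UTF-8 is rejected instead of passed through. */
function sketchEncode(string $input): string
{
    $characters = preg_split('//u', $input, -1, PREG_SPLIT_NO_EMPTY);
    if ($characters === false) {
        throw new InvalidArgumentException('Input is not valid UTF-8');
    }
    return implode('', array_map('sketchEncodeCharacter', $characters));
}

// Constructed sample input: both quote types, markup characters, non-ASCII.
$input = 'it\'s "Zoë" </b> v1.0';
$encoded = sketchEncode($input);

// Hazard named above: backslash escaping leaves a literal " in the HTML attribute.
printf("backslash-escaped: <a onmouseover=\"tip('%s')\">\n", addslashes($input));
// Hex encoding leaves only alphanumerics, immune characters and backslashes.
printf("hex-encoded:       <a onmouseover=\"tip('%s')\">\n", $encoded);
```

The first printed line still contains a raw `"` inside the attribute value, so the HTML parser ends the attribute there; the second contains no quote, angle bracket, ampersand or space from the input.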

◆ getHexForNonAlphanumeric()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::getHexForNonAlphanumeric (   $ordinalValue)
protected

Returns the ordinal value as a hex string of any character that is not a single-byte alphanumeric. The character should be supplied as a string in the utf-8 character encoding. If the character is an alphanumeric character with ordinal value below 255, then this method will return NULL.

Parameters
integer $ordinalValue: Ordinal value of the character
Returns
string hexadecimal ordinal value of non-alphanumeric characters or NULL otherwise.

Definition at line 135 of file JavaScriptEncoder.php.

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

◆ isImmuneCharacter()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::isImmuneCharacter (   $character)
protected

Checks if the given character is one of the immune characters.

Parameters
string $character: UTF-8 character to search for, must not be empty
Returns
boolean TRUE if character is immune, FALSE otherwise

Definition at line 121 of file JavaScriptEncoder.php.

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

Member Data Documentation

◆ $charsetConversion

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$charsetConversion = NULL
protected

Definition at line 51 of file JavaScriptEncoder.php.

◆ $hexMatrix

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$hexMatrix = array()
protected

Definition at line 37 of file JavaScriptEncoder.php.

◆ $immuneCharacters

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$immuneCharacters = array(',', '.', '_')
protected

Definition at line 44 of file JavaScriptEncoder.php.