TYPO3 CMS  TYPO3_7-6
TYPO3\CMS\Core\Encoder\JavaScriptEncoder Class Reference
Inheritance diagram for TYPO3\CMS\Core\Encoder\JavaScriptEncoder:
TYPO3\CMS\Core\SingletonInterface

Public Member Functions

 __construct ()
 
 encode ($input)
 

Protected Member Functions

 encodeCharacter ($character)
 
 isImmuneCharacter ($character)
 
 getHexForNonAlphanumeric ($ordinalValue)
 

Protected Attributes

 $hexMatrix = []
 
 $immuneCharacters = [',', '.', '_']
 
 $charsetConversion = null
 

Detailed Description

Adopted from OWASP Enterprise Security API (ESAPI) reference implementation for the JavaScript Codec. Original Author: Mike Boberski

This class provides encoding for user input that is intended to be used in a JavaScript context. It encodes all characters except alphanumeric characters and the immune characters to a hex representation.

Definition at line 26 of file JavaScriptEncoder.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::__construct ( )

Populates the $hexMatrix map of non-alphanumeric single-byte characters.

Alphanumeric characters are set to NULL in the matrix.

Definition at line 55 of file JavaScriptEncoder.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance().

Member Function Documentation

◆ encode()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::encode (   $input)

Encodes a string for JavaScript.

Parameters
string  $input  The string to encode, may be empty.
Returns
string The encoded string.

Definition at line 73 of file JavaScriptEncoder.php.

References TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

◆ encodeCharacter()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::encodeCharacter (   $character)
protected

Returns backslash encoded numeric format. Does not use backslash character escapes such as \" or \' as these may cause parsing problems. For example, if a JavaScript attribute, such as onmouseover, contains a \", that will close the entire attribute and allow an attacker to inject another script attribute.

Parameters
string  $character  UTF-8 character that needs to be encoded
Returns
string encoded character

Definition at line 94 of file JavaScriptEncoder.php.

References TYPO3\CMS\Core\Encoder\JavaScriptEncoder\getHexForNonAlphanumeric(), and TYPO3\CMS\Core\Encoder\JavaScriptEncoder\isImmuneCharacter().

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encode().
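
The behaviour described for encode() and encodeCharacter(), as an added JavaScript sketch that is not TYPO3's PHP source: it compares the rejected backslash escapes with the hex form and lets the JavaScript parser decode the result. The \xHH (below 256) and \uHHHH output format, the function names and the sample string are assumptions of this example.

```javascript
// Added sketch, not TYPO3's PHP source. Assumed format: \xHH below 256, \uHHHH otherwise.
const IMMUNE = [',', '.', '_']; // $immuneCharacters as listed in the class reference

function isAsciiAlnum(code) {
  return (code >= 0x30 && code <= 0x39) ||
         (code >= 0x41 && code <= 0x5A) ||
         (code >= 0x61 && code <= 0x7A);
}

function encodeForJs(input) {
  let out = '';
  // Walks UTF-16 code units, so a character outside the BMP becomes two
  // \uHHHH escapes (a choice of this sketch).
  for (let i = 0; i < input.length; i++) {
    const code = input.charCodeAt(i);
    if (IMMUNE.includes(input[i]) || isAsciiAlnum(code)) {
      out += input[i];
    } else {
      const hex = code.toString(16).toUpperCase();
      out += code < 256 ? '\\x' + hex.padStart(2, '0') : '\\u' + hex.padStart(4, '0');
    }
  }
  return out;
}

// The alternative the description rejects: the quote survives in the output.
function backslashEscape(input) {
  return input.replace(/[\\"']/g, '\\$&');
}

// Everything encodeForJs can emit; anything else is rejected before evaluation.
const ENCODED_SHAPE = /^(?:[A-Za-z0-9,._]|\\x[0-9A-F]{2}|\\u[0-9A-F]{4})*$/;

// Lets the JavaScript parser read the encoded text as a string literal.
function decodeAsJsLiteral(encoded) {
  if (!ENCODED_SHAPE.test(encoded)) throw new Error('not encoder output');
  return new Function('return "' + encoded + '";')();
}

// Constructed sample input.
const SAMPLE = 'He said "hi" & it\'s </p>\n\u20AC';
console.log(backslashEscape(SAMPLE)); // still contains " and '
console.log(encodeForJs(SAMPLE));     // alphanumerics, , . _ and hex escapes only
console.log(decodeAsJsLiteral(encodeForJs(SAMPLE)) === SAMPLE);
```

Because the encoded text contains no quote, angle bracket, ampersand or whitespace, the HTML parser finds nothing that ends an attribute value or a script block before the JavaScript parser turns the escapes back into the original characters.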

◆ getHexForNonAlphanumeric()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::getHexForNonAlphanumeric (   $ordinalValue)
protected

Returns the ordinal value as a hex string of any character that is not a single-byte alphanumeric. The character should be supplied as a string in the utf-8 character encoding. If the character is an alphanumeric character with ordinal value below 255, then this method will return NULL.

Parameters
int  $ordinalValue  Ordinal value of the character
Returns
string hexadecimal ordinal value of non-alphanumeric characters or NULL otherwise.

Definition at line 136 of file JavaScriptEncoder.php.

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

◆ isImmuneCharacter()

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::isImmuneCharacter (   $character)
protected

Checks if the given character is one of the immune characters.

Parameters
string  $character  UTF-8 character to search for, must not be empty
Returns
bool TRUE if character is immune, FALSE otherwise

Definition at line 121 of file JavaScriptEncoder.php.

Referenced by TYPO3\CMS\Core\Encoder\JavaScriptEncoder\encodeCharacter().

Member Data Documentation

◆ $charsetConversion

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$charsetConversion = null
protected

Definition at line 48 of file JavaScriptEncoder.php.

◆ $hexMatrix

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$hexMatrix = []
protected

Definition at line 34 of file JavaScriptEncoder.php.

◆ $immuneCharacters

TYPO3\CMS\Core\Encoder\JavaScriptEncoder::$immuneCharacters = [',', '.', '_']
protected

Definition at line 41 of file JavaScriptEncoder.php.