Sanitization API
API that provides methods to help you avoid code injection in HTML, JavaScript and SQL snippets that need to include untrusted content, that is, content gathered from end users. Each action either encodes the untrusted content so that it can only be interpreted as data, or rejects it with an exception when it contains anything other than literal values.
Summary
| Action | Description |
|---|---|
| BuildSafe_InClauseIntegerList | Returns a comma-delimited text value containing all the integer values provided as input. The returned value can be safely used in a SQL "IN" clause. |
| BuildSafe_InClauseTextList | Returns a comma-delimited text value with the encoded version of all the text values provided as input. The returned value can be safely used in a SQL "IN" clause. |
| SanitizeHtml | Sanitizes the provided HTML using the OWASP Java HTML Sanitizer Project. The implemented policy follows the example in https://github.com/OWASP/java-html-s...cyExample.java. |
| VerifyJavascriptLiteral | Ensures the provided JavaScript only contains literals. If it contains anything else, an INVALID JAVASCRIPT LITERAL exception is thrown. |
| VerifySqlLiteral | Ensures the provided SQL only contains literals. If it contains anything else, an INVALID SQL LITERAL exception is thrown. |

| Structure | Description |
|---|---|
| IntegerLiteral | Simple structure holding a long integer value. Used as a record definition when providing a list of IntegerLiteral records to include in a SQL "IN" clause. |
| TextLiteral | Simple structure holding a text value. Used as a record definition when providing a list of TextLiteral records to include in a SQL "IN" clause. |
Actions
BuildSafe_InClauseIntegerList
Returns a comma-delimited text value containing all the integer values provided as input. The returned value can be safely used in a SQL "IN" clause.
Inputs
- ValueList
- Type: RecordList of IntegerLiteral. Mandatory.
List of integer values to include in the returned value.
Outputs
- Output
- Type: Text.
A string containing comma-separated integer values to be used in a SQL "IN" clause.
BuildSafe_InClauseTextList
Returns a comma-delimited text value with the encoded version of all the text values provided as input. The returned value can be safely used in a SQL "IN" clause.
Inputs
- ValueList
- Type: RecordList of TextLiteral. Mandatory.
List of text values to include in the returned value.
Outputs
- Output
- Type: Text.
A string containing a set of encoded text values separated by commas to be used in a SQL "IN" clause.
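The two builders above exist because a list of values cannot be passed through an ordinary bound query parameter (it would arrive as one string), so the list text has to be spliced into the query itself, and anything spliced into a query must be built from validated or encoded values only. The following Python is an added example written for this page, not the platform's own implementation: it shows what a safe integer-list and text-list builder must do, the concatenation anti-pattern they replace, and the hostile inputs that separate the two. The function names, the `InvalidInClauseValue` exception, the choice to reject an empty list, and the sample query are all assumptions of the example.

```python
from typing import Iterable


class InvalidInClauseValue(ValueError):
    """Raised when a value cannot be turned into a safe IN-list element (example's own)."""


def build_safe_in_clause_integer_list(values: Iterable[int]) -> str:
    """Return e.g. "1,2,3", suitable only as the body of IN ( ... ).

    Each element must be a real integer; a string such as "1) OR 1=1 --"
    is rejected outright rather than interpolated.  bool is a subclass of
    int in Python, so it is excluded explicitly.
    """
    parts = []
    for v in values:
        if isinstance(v, bool) or not isinstance(v, int):
            raise InvalidInClauseValue(f"not an integer: {v!r}")
        parts.append(str(v))
    if not parts:
        # IN () is a syntax error in most SQL dialects.  Failing early is
        # this example's choice; the page does not say what the API does.
        raise InvalidInClauseValue("empty value list")
    return ",".join(parts)


def build_safe_in_clause_text_list(values: Iterable[str]) -> str:
    """Return e.g. "'a','b'", each value as a quoted SQL string literal.

    Embedded single quotes are doubled (the ANSI SQL escape), so a value
    can never terminate its own literal.  Dialects that also treat
    backslash as an escape (MySQL with default settings) need more than
    this; the page does not state which databases it targets.
    """
    parts = []
    for v in values:
        if not isinstance(v, str):
            raise InvalidInClauseValue(f"not text: {v!r}")
        if "\0" in v:
            # Some client libraries truncate at NUL, which would silently
            # change the literal; reject rather than guess.
            raise InvalidInClauseValue("NUL byte in text value")
        parts.append("'" + v.replace("'", "''") + "'")
    if not parts:
        raise InvalidInClauseValue("empty value list")
    return ",".join(parts)


def unsafe_in_list(values: Iterable[str]) -> str:
    """The anti-pattern: raw concatenation of user input (shown for contrast only)."""
    return ",".join(values)


def rejects(builder, values) -> bool:
    """True if builder raises InvalidInClauseValue for values (used by the checks)."""
    try:
        builder(values)
    except InvalidInClauseValue:
        return True
    return False


def where_id_in(in_list: str) -> str:
    """Splice a prebuilt list into a query.  The list is expanded inline,
    not bound as a parameter, which is exactly why its content must be
    controlled by one of the builders above."""
    return f"SELECT Id, Name FROM Orders WHERE Id IN ({in_list})"


if __name__ == "__main__":
    hostile = ["1) OR 1=1 --"]          # constructed attacker input
    print(where_id_in(unsafe_in_list(hostile)))
    # ... WHERE Id IN (1) OR 1=1 --): the filter is bypassed
    print(rejects(build_safe_in_clause_integer_list, hostile))   # True
    print(where_id_in(build_safe_in_clause_text_list(["O'Brien", "x') OR 1=1 --"])))
    # ... WHERE Id IN ('O''Brien','x'') OR 1=1 --'): two harmless strings
```

The integer builder is a type check rather than an escaper: there is no safe way to encode `1) OR 1=1 --` as an integer, so the only correct outcome is an error. The text builder does encode, and the hostile value survives only as the contents of a string literal.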
SanitizeHtml
Sanitizes the provided HTML using the OWASP Java HTML Sanitizer Project. The implemented policy follows the example in https://github.com/OWASP/java-html-s...cyExample.java.
Inputs
- Html
- Type: Text. Mandatory.
The HTML to sanitize.
Outputs
- SanitizedHtml
- Type: Text.
The sanitized HTML.
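SanitizeHtml is policy based: instead of trying to recognise dangerous markup, it keeps only the elements and attributes a policy allows, checks the URL scheme of link attributes, and re-serialises the result. The following Python is an added example that illustrates that model; it is neither the OWASP Java HTML Sanitizer nor the policy the page links to, and its allowlist, the `sanitize_html` name and the hostile sample input are all constructed for the example. It is meant to show what the action does to typical XSS vectors, not to replace a maintained sanitizer library.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allowlist policy, constructed for this example: a few formatting
# elements, one attribute, and only benign URL schemes.  Anything not
# listed is dropped; its text is kept, except inside script/style.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}


def _safe_url(url: str) -> bool:
    # Relative URLs have no scheme and are allowed; "javascript:" and
    # "data:" are not in the allowlist and are rejected.
    scheme = urlsplit(url.strip()).scheme.lower()
    return scheme == "" or scheme in ALLOWED_SCHEMES


class _AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []      # allowed elements currently open
        self.drop_depth = 0      # > 0 while inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return               # unknown element: tag dropped, text kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue         # onclick=, style=, etc. never survive
            if name == "href" and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in self.open_tags:
            return
        while self.open_tags:    # close inner elements first
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data, quote=False))   # re-serialise text
    # Comments, doctypes and processing instructions fall through to
    # HTMLParser's no-op handlers and are therefore dropped.


def sanitize_html(untrusted: str) -> str:
    parser = _AllowlistSanitizer()
    parser.feed(untrusted)
    parser.close()                       # flush buffered text
    while parser.open_tags:              # balance whatever was left open
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed hostile input covering the usual vectors.
    sample = ('<p onclick="steal()">Hi <b>there</b>'
              '<script>alert(1)</script>'
              '<a href="javascript:alert(2)">x</a>'
              '<img src=x onerror=alert(3)>'
              '<a href="https://example.com/?a=1&b=2">ok</a>')
    print(sanitize_html(sample))
    # <p>Hi <b>there</b><a>x</a><a href="https://example.com/?a=1&amp;b=2">ok</a></p>
```

Two properties matter more than the particular allowlist: the output is always re-serialised from the parsed tree, so odd input syntax cannot survive into the output, and an unknown element or attribute is dropped by default rather than blocked by name.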
VerifyJavascriptLiteral
Ensures the provided JavaScript only contains literals. If it contains anything else, an INVALID JAVASCRIPT LITERAL exception is thrown.
Inputs
- JavascriptLiteral
- Type: Text. Mandatory.
The JavaScript to verify. It must consist only of literal values; any identifier, operator or other code causes the exception.
Outputs
- SanitizedJavascriptLiteral
- Type: Text.
The JavaScript literal that passed verification.
VerifySqlLiteral
Ensures the provided SQL only contains literals. If it contains anything else, an INVALID SQL LITERAL exception is thrown.
Inputs
- SqlLiteral
- Type: Text. Mandatory.
The SQL to verify. It must consist only of literal values; any identifier, operator, comment or other SQL causes the exception.
Outputs
- SanitizedSqlLiteral
- Type: Text.
The SQL literal that passed verification.
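VerifyJavascriptLiteral and VerifySqlLiteral share one idea: rather than encoding the input, they accept it only if it parses entirely as literal values and throw otherwise. The following Python is an added example for both actions, not the platform's implementation. The accepted grammar (numbers, string literals, `NULL` for SQL, `true`/`false`/`null` for JavaScript, optionally as a comma-separated list), the function and exception names, and the `javascript_literal_for_script_element` helper are assumptions of the example; that helper goes beyond the page to show a caveat that applies after verification succeeds.

```python
import re


class InvalidSqlLiteral(ValueError):
    """Raised when the text is not purely SQL literal(s) (example's own)."""


class InvalidJavascriptLiteral(ValueError):
    """Raised when the text is not purely JavaScript literal(s) (example's own)."""


# Grammar used here (an assumption; the page does not define the accepted
# literal forms).  Nothing in it can match an identifier, operator,
# parenthesis or comment, so "1 OR 1=1", "'a' --" and "alert(1)" all fail.
_NUMBER = r"-?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?"
_SQL_STRING = r"'(?:[^']|'')*'"                                # '' is the only ANSI SQL escape
_JS_STRING = r"'(?:[^'\\\n]|\\.)*'|\"(?:[^\"\\\n]|\\.)*\""     # backslash escapes allowed
_SQL_ITEM = rf"(?:{_NUMBER}|{_SQL_STRING}|NULL)"
_JS_ITEM = rf"(?:{_NUMBER}|{_JS_STRING}|true|false|null)"
# One literal, or several separated by commas, and nothing else.
_SQL_LIST = re.compile(rf"\s*{_SQL_ITEM}\s*(?:,\s*{_SQL_ITEM}\s*)*", re.IGNORECASE)
_JS_LIST = re.compile(rf"\s*{_JS_ITEM}\s*(?:,\s*{_JS_ITEM}\s*)*")   # JS keywords are case-sensitive


def verify_sql_literal(sql: str) -> str:
    """Return sql unchanged if it is only literal(s); otherwise raise."""
    if not isinstance(sql, str) or not _SQL_LIST.fullmatch(sql):
        raise InvalidSqlLiteral(f"not a SQL literal: {sql!r}")
    return sql


def verify_javascript_literal(js: str) -> str:
    """Return js unchanged if it is only literal(s); otherwise raise."""
    if not isinstance(js, str) or not _JS_LIST.fullmatch(js):
        raise InvalidJavascriptLiteral(f"not a JavaScript literal: {js!r}")
    return js


def is_rejected(verifier, text) -> bool:
    """True if verifier raises for text (used by the checks)."""
    try:
        verifier(text)
    except (InvalidSqlLiteral, InvalidJavascriptLiteral):
        return True
    return False


def javascript_literal_for_script_element(js: str) -> str:
    r"""Prepare a verified JS literal for an inline <script> element.

    A valid string literal can still contain "</script>", which the HTML
    parser treats as the end of the element before the script engine ever
    runs.  Inside a JS string literal "\/" means "/", so rewriting "</" as
    "<\/" keeps the value identical to JavaScript while removing the HTML
    end-tag sequence.  Numbers and keywords contain no "</", so for them
    this is a no-op.
    """
    return verify_javascript_literal(js).replace("</", r"<\/")


if __name__ == "__main__":
    for text in ("42", "'O''Brien', 7, null", "1 OR 1=1", "'a' UNION SELECT Password FROM Users"):
        print(repr(text), "rejected" if is_rejected(verify_sql_literal, text) else "accepted")
    payload = '"</script><script>alert(1)</script>"'      # constructed: a valid JS string
    print(is_rejected(verify_javascript_literal, payload))  # False: it is a literal
    print(javascript_literal_for_script_element(payload))   # "<\/script><script>alert(1)<\/script>"
```

The last two lines are the caveat: passing VerifyJavascriptLiteral proves the value is a literal, not that it is safe to place inside an inline `<script>` block, because the HTML parser sees `</script>` before JavaScript does. Where the literal ends up in HTML, the `</` sequence still has to be neutralised.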
Structures
IntegerLiteral
Simple structure holding a long integer value. Used as a record definition when providing a list of IntegerLiteral records to include in a SQL "IN" clause.
Attributes
- Value
- Type: LongInteger. Mandatory.
An integer value to consider when creating a SQL "IN" clause.
TextLiteral
Simple structure holding a text value. Used as a record definition when providing a list of TextLiteral records to include in a SQL "IN" clause.
Attributes
- Value
- Type: Text (2000). Mandatory.
A text value to consider when creating a SQL "IN" clause.