Class XSSFilter

java.lang.Object
de.hybris.platform.servicelayer.web.XSSFilter
All Implemented Interfaces:
javax.servlet.Filter

public class XSSFilter extends Object implements javax.servlet.Filter
Filter that wraps requests in an XSSRequestWrapper to sanitize inputs against XSS.

Uses an HttpServletRequestWrapper that sanitizes request inputs to mitigate the risk of XSS scripts being passed through. This code is based on free and non-restricted code found at: http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/
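
The sanitizing step described above, as an added example that is not the platform's own code: a map of named regex rules is compiled into patterns and every match is stripped from a request value. The class name, method names, rule keys, regexes and the re-scan limit are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class XssSanitizerSketch {
    private static final int FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;
    private static final int MAX_PASSES = 10; // hypothetical bound on the re-scan loop

    // Compile each named rule; a malformed rule fails loudly instead of being skipped,
    // so a typo in configuration cannot silently disable part of the filter.
    static List<Pattern> compileRules(Map<String, String> rules) {
        List<Pattern> compiled = new ArrayList<>();
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            try {
                compiled.add(Pattern.compile(rule.getValue(), FLAGS));
            } catch (PatternSyntaxException e) {
                throw new IllegalArgumentException("Invalid XSS rule " + rule.getKey(), e);
            }
        }
        return compiled;
    }

    // Remove every match, re-scanning until the value stops changing, because
    // deleting one match can join the text around it into a new match.
    static String sanitize(String value, List<Pattern> patterns) {
        if (value == null) { return null; }
        String current = value.replace("\0", ""); // drop NUL characters first
        for (int pass = 0; pass < MAX_PASSES; pass++) {
            String before = current;
            for (Pattern p : patterns) {
                current = p.matcher(current).replaceAll("");
            }
            if (current.equals(before)) { return current; }
        }
        return ""; // still changing after MAX_PASSES: fail closed and drop the value
    }

    public static void main(String[] args) {
        Map<String, String> rules = new LinkedHashMap<>(); // constructed sample rules
        rules.put("rule.script", "<script[^>]*>.*?</script>");
        rules.put("rule.jsuri", "javascript:");
        rules.put("rule.onload", "onload\\s*=");
        List<Pattern> patterns = compileRules(rules);
        // Constructed sample parameter values
        String[] samples = { "plain text", "Hi<script>alert(1)</script> there", "<body ONLOAD =x>" };
        for (String s : samples) {
            System.out.println(s + " -> " + sanitize(s, patterns));
        }
    }
}
```

In a servlet filter, a call like `sanitize` would sit behind the request wrapper's `getParameter`, `getParameterValues` and `getHeader` overrides. Pattern stripping reduces risk but does not replace context-aware output encoding where the value is rendered.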

  • Field Details

  • Constructor Details

    • XSSFilter

      public XSSFilter()
  • Method Details

    • init

      public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
      Specified by:
      init in interface javax.servlet.Filter
      Throws:
      javax.servlet.ServletException
    • initFromConfig

      protected void initFromConfig(XSSFilter.XSSFilterConfig config)
    • initPatternsAndHeaders

      protected void initPatternsAndHeaders(boolean enabled, Map<String,String> patternDefinitions, Map<String,String> headers)
    • reloadOnConfigChange

      public void reloadOnConfigChange()
    • compilePatterns

      protected List<Pattern> compilePatterns(Map<String,String> rules)
    • getSetupInfo

      protected String getSetupInfo()
    • doFilter

      public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
      Specified by:
      doFilter in interface javax.servlet.Filter
      Throws:
      IOException
      javax.servlet.ServletException
    • processPatternsAndDoFilter

      protected void processPatternsAndDoFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
      Throws:
      IOException
      javax.servlet.ServletException
    • setRejectResponseCodes

      protected void setRejectResponseCodes(javax.servlet.http.HttpServletResponse httpResponse) throws IOException
      Throws:
      IOException
    • destroy

      public void destroy()
      Specified by:
      destroy in interface javax.servlet.Filter