Class CpnlElFunctions


  • public class CpnlElFunctions
    extends Object
    the set of taglib JSP EL functions
    • Constructor Summary

      Constructors 
      Constructor Description
      CpnlElFunctions()  
    • Method Summary

      Modifier and Type Method Description
      static String asset​(org.apache.sling.api.SlingHttpServletRequest request, String path)
      Builds the URL for a repository asset path using the LinkUtil.getURL() method.
      static String attr​(org.apache.sling.api.SlingHttpServletRequest request, String value, int qType)
      Returns the escaped text of a rich text value as HTML text for a tag attribute.
      static String cdata​(String value)
      Returns the encapsulated CDATA string of a value (no escaping!).
      static String child​(org.apache.sling.api.resource.Resource base, String path)
      Returns the repository path of a child of a resource.
      static Boolean contains​(Object collection, Object object)
      Checks whether an array of objects or a collection contains another object.
      static String context​(String context, String value)
      Prevents the given value string from containing XSS stuff.
      static String cpm​(String uri)
      Builds the URI for a relative Composum URI (prepends the Composum base).
      static String escapeRichText​(String input)  
      static String externalUrl​(org.apache.sling.api.SlingHttpServletRequest request, String path)
      Builds an external (fully qualified) URL for a repository path using the LinkUtil.getURL() method.
      static String filter​(String value)
      Prevents the given value string from containing XSS stuff.
      protected static org.osgi.framework.BundleContext getBundelContext()  
      static Format getFormatter​(@NotNull Locale locale, @NotNull String format, @Nullable Class<?>... type)
      Creates the formatter for a describing string rule
      protected static <T> T getService​(Class<T> serviceClass)  
      static String i18n​(org.apache.sling.api.SlingHttpServletRequest request, String text)  
      static String map​(org.apache.sling.api.SlingHttpServletRequest request, String value)
      Replaces all 'href' attribute values found in the text value by the resolver mapped value.
      static String mappedExternalUrl​(org.apache.sling.api.SlingHttpServletRequest request, String path)
      Builds an external (fully qualified) URL for a repository path using the LinkUtil.getMappedURL() method.
      static String mappedUrl​(org.apache.sling.api.SlingHttpServletRequest request, String path)
      Builds the URL for a repository path using the LinkUtil.getMappedURL() method.
      static String path​(String value)
      URL encoding for a resource path (without the encoding for the '/' path delimiters).
      static String rich​(org.apache.sling.api.SlingHttpServletRequest request, String value)
      Returns the escaped text of a rich text value (reduced HTML escaping).
      static String script​(String value)
      Returns the escaped script code of a value (script escaping to prevent XSS).
      static String style​(String value)
      Returns the escaped CSS code of a value (style escaping to prevent XSS).
      static String text​(String value)
      Returns the escaped text of a value (HTML escaping to prevent XSS).
      static String unmappedExternalUrl​(org.apache.sling.api.SlingHttpServletRequest request, String path)
      Builds an external (fully qualified) URL for a repository path using the LinkUtil.getUnmappedURL() method.
      static String unmappedUrl​(org.apache.sling.api.SlingHttpServletRequest request, String path)
      Builds the URL for a repository path using the LinkUtil.getUnmappedURL() method.
      static String url​(org.apache.sling.api.SlingHttpServletRequest request, String path)
      Builds the URL for a repository path using the LinkUtil.getURL() method.
      static Object value​(Object value)
      An input field 'value' attribute which should be used as is if possible.
    • Field Detail

      • HREF_PATTERN

        public static final Pattern HREF_PATTERN
      • QTYPE_QUOT

        public static final int QTYPE_QUOT
        for the 'attr' escaping - the quotation type constants
      • QTYPE_CHAR

        public static final String[] QTYPE_CHAR
      • QTYPE_ESC

        public static final String[] QTYPE_ESC
      • RICH_TEXT_TAGS

        public static final String[] RICH_TEXT_TAGS
      • RICH_TEXT_BASIC_ESCAPE

        public static final String[][] RICH_TEXT_BASIC_ESCAPE
      • RICH_TEXT_TAG_START

        protected static final List<String> RICH_TEXT_TAG_START
      • RICH_TEXT_TAG_CLOSED

        protected static final List<String> RICH_TEXT_TAG_CLOSED
      • RICH_TEXT_TAG_MAX_LEN

        protected static final int RICH_TEXT_TAG_MAX_LEN
      • ESCAPE_RICH_TEXT

        public static final org.apache.commons.lang3.text.translate.CharSequenceTranslator ESCAPE_RICH_TEXT
    • Constructor Detail

      • CpnlElFunctions

        public CpnlElFunctions()
    • Method Detail

      • escapeRichText

        public static String escapeRichText​(String input)
      • i18n

        public static String i18n​(org.apache.sling.api.SlingHttpServletRequest request,
                                  String text)
      • cpm

        public static String cpm​(String uri)
        Builds the URI for a relative Composum URI (prepends the Composum base).
        Parameters:
        uri - the relative path (resource type)
        Returns:
        the URI with prepended base
      • child

        public static String child​(org.apache.sling.api.resource.Resource base,
                                   String path)
        Returns the repository path of a child of a resource.
        Parameters:
        base - the parent resource object
        path - the relative path to the child resource
        Returns:
        the absolute path of the child if found, otherwise the original path value
      • asset

        public static String asset​(org.apache.sling.api.SlingHttpServletRequest request,
                                   String path)
        Builds the URL for a repository asset path using the LinkUtil.getURL() method.
        Parameters:
        request - the current request (domain host hint)
        path - the repository path
        Returns:
        the URL built in the context of the requested domain host
      • url

        public static String url​(org.apache.sling.api.SlingHttpServletRequest request,
                                 String path)
        Builds the URL for a repository path using the LinkUtil.getURL() method.
        Parameters:
        request - the current request (domain host hint)
        path - the repository path
        Returns:
        the URL built in the context of the requested domain host
      • mappedUrl

        public static String mappedUrl​(org.apache.sling.api.SlingHttpServletRequest request,
                                       String path)
        Builds the URL for a repository path using the LinkUtil.getMappedURL() method.
        Parameters:
        request - the current request (domain host hint)
        path - the repository path
        Returns:
        the URL built in the context of the requested domain host
      • unmappedUrl

        public static String unmappedUrl​(org.apache.sling.api.SlingHttpServletRequest request,
                                         String path)
        Builds the URL for a repository path using the LinkUtil.getUnmappedURL() method.
        Parameters:
        request - the current request (domain host hint)
        path - the repository path
        Returns:
        the URL built in the context of the requested domain host
      • externalUrl

        public static String externalUrl​(org.apache.sling.api.SlingHttpServletRequest request,
                                         String path)
        Builds an external (fully qualified) URL for a repository path using the LinkUtil.getURL() method.
        Parameters:
        request - the current request (domain host hint)
        path - the repository path
        Returns:
        the URL built in the context of the requested domain host
      • mappedExternalUrl

        public static String mappedExternalUrl​(org.apache.sling.api.SlingHttpServletRequest request,
                                               String path)
        Builds an external (fully qualified) URL for a repository path using the LinkUtil.getMappedURL() method.
        Parameters:
        request - the current request (domain host hint)
        path - the repository path
        Returns:
        the URL built in the context of the requested domain host
      • unmappedExternalUrl

        public static String unmappedExternalUrl​(org.apache.sling.api.SlingHttpServletRequest request,
                                                 String path)
        Builds an external (fully qualified) URL for a repository path using the LinkUtil.getUnmappedURL() method.
        Parameters:
        request - the current request (domain host hint)
        path - the repository path
        Returns:
        the URL built in the context of the requested domain host
      • value

        public static Object value​(Object value)
        An input field 'value' attribute which should be used as is if possible.
        Parameters:
        value - the value to render
        Returns:
        the value escaped using encodeForHTMLAttr() if the value is a String
      • text

        public static String text​(String value)
        Returns the escaped text of a value (HTML escaping to prevent XSS).
        Parameters:
        value - the value to escape
        Returns:
        the HTML escaped text of the value
      • attr

        public static String attr​(org.apache.sling.api.SlingHttpServletRequest request,
                                  String value,
                                  int qType)
        Returns the escaped text of a rich text value as HTML text for a tag attribute. We assume that the result is used as the value for an insertion done by jQuery.html(); in this case all '&...' escaped chars are translated back by jQuery and the XSS protection is broken. To avoid this, each '&' in the value is 'double escaped'.
        Parameters:
        value - the value to escape
        Returns:
        the HTML escaped rich text of the value
      • rich

        public static String rich​(org.apache.sling.api.SlingHttpServletRequest request,
                                  String value)
        Returns the escaped text of a rich text value (reduced HTML escaping).
        Parameters:
        value - the rich text value to escape
        Returns:
        the escaped HTML code of the value
      • map

        public static String map​(org.apache.sling.api.SlingHttpServletRequest request,
                                 String value)
        Replaces all 'href' attribute values found in the text value by the resolver mapped value.
        Parameters:
        request - the current request
        value - the text (rich text) value
        Returns:
        the transformed text value
      • filter

        public static String filter​(String value)
        Prevents the given value string from containing XSS stuff.
        Parameters:
        value - source string
        Returns:
        string that does not contain XSS stuff
      • context

        public static String context​(String context,
                                     String value)
        Prevents the given value string from containing XSS stuff.
        Parameters:
        context - the name of the protection context to use
        value - source string
        Returns:
        string that does not contain XSS stuff
      • path

        public static String path​(String value)
        URL encoding for a resource path (without the encoding for the '/' path delimiters).
        Parameters:
        value - the path to encode
        Returns:
        the encoded path
      • script

        public static String script​(String value)
        Returns the escaped script code of a value (script escaping to prevent XSS).
        Parameters:
        value - the value to escape
        Returns:
        the Script escaped code of the value
      • style

        public static String style​(String value)
        Returns the escaped CSS code of a value (style escaping to prevent XSS).
        Parameters:
        value - the value to escape
        Returns:
        the CSS escaped code of the value
      • cdata

        public static String cdata​(String value)
        Returns the encapsulated CDATA string of a value (no escaping!).
        Parameters:
        value - the value to encapsulate
        Returns:
        the string with <![CDATA[ ... ]]> around
      • contains

        public static Boolean contains​(Object collection,
                                       Object object)
        Checks whether an array of objects or a collection contains another object.
        Parameters:
        collection - an array of objects or collection
        object - the object to check for
        Returns:
        true if
      • getFormatter

        public static Format getFormatter(@NotNull Locale locale,
                                          @NotNull String format,
                                          @Nullable Class<?>... type)
        Creates the formatter for a describing string rule
        Parameters:
        locale - the locale to use for formatting
        format - the format string rule
        type - the optional value type
        Returns:
        the Format instance
      • getService

        protected static <T> T getService​(Class<T> serviceClass)
      • getBundelContext

        protected static org.osgi.framework.BundleContext getBundelContext()
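
Added example, not part of the Composum documentation or code: a small model of the double escaping described for attr above, showing why a singly escaped value is markup again once one decoding pass has run before a sink such as jQuery.html(). The helper names (escapeHtml, decodeOnce, doubleEscape, containsMarkup) and the sample value are assumptions made for this illustration.

```javascript
// Model of the escaping passes only; this is not Composum's implementation.

// One HTML-escaping pass, as a server-side encoder would apply it.
function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// One entity-decoding pass, standing in for the "translated back" step the
// attr description mentions (covers only the entities escapeHtml produces).
function decodeOnce(s) {
  const table = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
  return s.replace(/&(?:amp|lt|gt|quot|#39);/g, (m) => table[m]);
}

// Double escaping as described: after the normal pass, every '&' is escaped again.
function doubleEscape(s) {
  return escapeHtml(s).replace(/&/g, '&amp;');
}

// True if the string would still be parsed as markup by an HTML sink.
function containsMarkup(s) {
  return /<[a-zA-Z!\/]/.test(s);
}

const untrusted = '<i onmouseover="x()">hi</i>'; // constructed sample value

// What reaches the markup sink after the single decoding pass.
const single = decodeOnce(escapeHtml(untrusted));
const doubled = decodeOnce(doubleEscape(untrusted));

// Single escaping: the decoding pass restores raw markup before the sink.
console.log('single escaped, markup at sink:', containsMarkup(single));
// Double escaping: the sink still receives entities and renders them as text.
console.log('double escaped, markup at sink:', containsMarkup(doubled));
// The text the user finally sees is the original value, shown literally.
console.log('rendered text equals input:', decodeOnce(doubled) === untrusted);
```

The doubled value is only correct when exactly one decoding pass runs before the sink; used in a context without that pass, it displays visible entity text such as &lt; instead of the intended characters.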