Package com.day.cq.wcm.foundation

Class ExpressionSecurityValidator

java.lang.Object

com.day.cq.wcm.foundation.ExpressionSecurityValidator

public class ExpressionSecurityValidator
extends Object

Security validator for EL expressions to prevent injection attacks. This validator checks expressions for dangerous patterns before they are evaluated.

Constructor Summary

Constructors

Constructor	Description
ExpressionSecurityValidator()

Method Summary

Modifier and Type	Method	Description
static String	sanitizeExpression(String expr)	Sanitizes an expr by removing or escaping dangerous content This is a fallback method - validation should be preferred
static void	validateExpression(String expr)	Deprecated.
static void	validateExpression(String expr, ExpressionSecurityValidator uiCommonsExprValidator)	Validates an EL expr for security issues

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ExpressionSecurityValidator

public ExpressionSecurityValidator()

Method Details

validateExpression

@Deprecated
public static void validateExpression(String expr)

Deprecated.

validateExpression

public static void validateExpression(String expr,
 ExpressionSecurityValidator uiCommonsExprValidator)

Validates an EL expr for security issues

Parameters:

expr - The EL expr to validate

uiCommonsExprValidator - ExpressionSecurityValidator object

sanitizeExpression

public static String sanitizeExpression(String expr)

Sanitizes an expr by removing or escaping dangerous content This is a fallback method - validation should be preferred