1 | #ifndef SECURITYTOOLS_H
2 | #define SECURITYTOOLS_H
4 | #include "text_t.h"
// Quoting dialect selector for encodeForMySQL(). The values are written out
// explicitly so they stay in lock-step with the Java ESAPI enum this header
// mirrors: Mode { ANSI(1), STANDARD(0) }.
//
// NOTE(review): the caller must choose the mode that matches the server's
// actual sql_mode (ANSI_QUOTES / NO_BACKSLASH_ESCAPES); escaping for the wrong
// dialect is a bypass, not a defence.
enum SQLMode { STANDARD = 0, ANSI = 1 };
// Hex digits of U+FFFD (REPLACEMENT CHARACTER), the value substituted where a
// malformed or unencodable code unit has to be replaced. It is a single
// UTF-16 code unit ("two bytes" in the original remark); a never-enabled
// numeric-literal form of the same constant has been dropped.
static const text_t REPLACEMENT_HEX = "fffd";

// Per-context "immune" sets: the characters the matching encodeFor*() is
// expected to pass through unencoded (by ESAPI DefaultEncoder naming
// convention -- confirm against the implementation). Keep these minimal:
// every character listed here is one an attacker can emit verbatim into that
// output context.
static const text_t IMMUNE_CSS        = "";       // CSS value: nothing is immune
static const text_t IMMUNE_HTML       = ",.-_ ";  // HTML element content (space allowed)
static const text_t IMMUNE_HTMLATTR   = ",.-_";   // HTML attribute value; space is not immune here, it would end an unquoted attribute
static const text_t IMMUNE_JAVASCRIPT = ",._";    // JavaScript string literal
// URL: matches java.net.URLEncoder, which leaves "*.-_" unencoded. This is
// not RFC 3986's unreserved set ("-._~"): '*' is reserved there and '~' gets
// encoded here. Fine for form/query data, not a generic percent-encoder.
static const text_t IMMUNE_URL        = "*.-_";   // See http://docs.oracle.com/javase/6/docs/api/java/net/URLEncoder.html
static const text_t IMMUNE_SQL        = " ";      // MySQL literal: only space is immune

// NOTE(review): these are `static const` objects of a project type, so every
// translation unit that includes this header gets its own copy. If text_t has
// a constructor they are built during static initialisation, whose order
// across TUs is unspecified -- do not use them from other static initialisers.
/**
 * Reduced form of ESAPI's Validator.isValidInput(): reports whether the
 * scheme (protocol) of @p url is acceptable. The policy itself -- which
 * schemes pass, and in particular whether "javascript:" and "data:" are
 * rejected -- lives in the implementation and is not visible from this
 * header; check it before relying on the result.
 *
 * A true result says nothing about the rest of the URL. The value must still
 * be encoded for the context it is written into (encodeForHTMLAttr() for an
 * href value, encodeForURL() for query data).
 *
 * @param url  the URL (or URL-like string) whose scheme is checked
 * @return     true if the protocol is allowed, false otherwise
 */
bool isValidURLProtocol(const text_t &url);
/*
 * Whole-string encoders. Each takes the text to encode plus the set of
 * characters that pass through unencoded (defaulting to the IMMUNE_* constant
 * for that context) and returns a new text_t; the input is never modified.
 * Choose the function by the OUTPUT context the data lands in, not by where
 * it came from -- encodeForHTML() applied to a value that ends up inside a
 * <script> block or an event handler is the classic misuse.
 */

/** HTML element content. Default immune set: IMMUNE_HTML. */
text_t encodeForHTML(const text_t &input, const text_t &immuneChars = IMMUNE_HTML);

/** URL query / form data, java.net.URLEncoder compatible. Default: IMMUNE_URL. */
text_t encodeForURL(const text_t &input, const text_t &immuneChars = IMMUNE_URL);

/**
 * JavaScript string literal. Default immune set: IMMUNE_JAVASCRIPT.
 * @param dmsafe  mode flag whose meaning is not visible from this header
 *                (TODO confirm against the implementation before relying on
 *                or changing the default).
 */
text_t encodeForJavascript(const text_t &input, const text_t &immuneChars = IMMUNE_JAVASCRIPT, bool dmsafe = true);

/** HTML attribute value. Default: IMMUNE_HTMLATTR (no space); quote the attribute regardless. */
text_t encodeForHTMLAttr(const text_t &input, const text_t &immuneChars = IMMUNE_HTMLATTR);

/** CSS value. Default: IMMUNE_CSS, which is empty, so presumably every character is encoded. */
text_t encodeForCSS(const text_t &input, const text_t &immuneChars = IMMUNE_CSS);

/**
 * MySQL string literal, escaped for the quoting dialect given by @p mode.
 * Default immune set: IMMUNE_SQL.
 *
 * NOTE(review): @p mode must match the server's real sql_mode (ANSI_QUOTES /
 * NO_BASKSLASH_ESCAPES); escaping for one dialect while the server runs the
 * other is bypassable. Treat this as a last resort -- prepared statements with
 * bound parameters are the correct fix for untrusted data in SQL.
 */
text_t encodeForMySQL(const text_t &input, const text_t &immuneChars = IMMUNE_SQL, SQLMode mode = STANDARD);
/*
 * Single-code-unit encoders. Argument order is the reverse of the string
 * forms: the immune set comes first, then the code unit, and there are no
 * default arguments. The unit is an unsigned short, i.e. presumably one
 * UTF-16 code unit (cf. REPLACEMENT_HEX), so a character outside the BMP
 * arrives as two separate surrogate calls -- confirm how the implementation
 * treats lone surrogates before encoding arbitrary text one unit at a time.
 * Note there is no per-unit counterpart to encodeForHTMLAttr().
 */

/** One code unit for HTML element content. */
text_t encodeForHTML(const text_t &immuneChars, unsigned short input);

/** One code unit for URL query / form data. */
text_t encodeForURL(const text_t &immuneChars, unsigned short input);

/** One code unit for a JavaScript string literal; @p dmsafe as in the string form. */
text_t encodeForJavascript(const text_t &immuneChars, unsigned short input, bool dmsafe);

/** One code unit for a CSS value. */
text_t encodeForCSS(const text_t &immuneChars, unsigned short input);

/** One code unit for a MySQL literal in the given quoting dialect (see SQLMode). */
text_t encodeForMySQL(const text_t &immuneChars, unsigned short input, SQLMode mode);
40 | #endif