Skip to main content

Supported Java cleansing functions

FunctionFlaw class
android.net.Uri.encodeCWE-80, 93, 113, and 117
<c:out> (org.apache.taglibs.standard.tag.rt.core.OutTag)CWE-80
com.google.gwt.safehtml.shared.SafeHtmlUtils.htmlEscapeCWE-80
com.google.gwt.safehtml.shared.SafeHtmlUtils.htmlEscapeAllowEntitiesCWE-80
com.google.gwt.safehtml.shared.SafeHtmlUtils.fromStringCWE-80
com.liferay.portal.kernel.util.HtmlUtil.escapeAttributeCWE-80
com.liferay.portal.kernel.util.HtmlUtil.escapeCWE-80
com.liferay.portal.kernel.util.HtmlUtil.escapeHREFCWE-80
com.liferay.portal.kernel.util.HtmlUtil.escapeCSSCWE-80, 93, 113, and 117
com.liferay.portal.kernel.util.HtmlUtil.escapeREFCWE-80, 93, 113, and 117
com.liferay.portal.kernel.util.HtmlUtil.escapeJSCWE-80, 93, 113, and 117
com.liferay.portal.kernel.util.HtmlUtil.escapeURLCWE-80
com.liferay.portal.kernel.util.HtmlUtil.escapeXPathCWE-80, 93, 113, and 117
com.liferay.portal.kernel.util.HtmlUtil.escapeXPathAttributeCWE-80, 93, 113, and 117
com.oreilly.servlet.Base64encoder.EncodeCWE-80, 93, 113, and 117
java.net.URLEncoder.encodeCWE-80, 93, 113, and 117
org.tuckey.web.filters.validation.utils.StringEscapeUtils.escapeHtmlCWE-80
org.apache.axis.components.encoding.XMLEncoder.encodeCWE-80
org.apache.commons.codec.net.URLCodec.encodeCWE-80, 93, 113, and 117
org.apache.commons.lang.StringEscapeUtils.escapeJavaCWE-93, 113, and 117
org.apache.commons.lang3.StringEscapeUtils.escapeJavaCWE-93, 113, and 117
org.apache.commons.lang.StringEscapeUtils.escapeJavaScriptCWE-93, 113, and 117
org.apache.commons.text.StringEscapeUtils.escapeEcmaScriptCWE-93, 113, and 117
org.apache.commons.text.StringEscapeUtils.escapeJavaCWE-93, 113, and 117
org.apache.commons.text.StringEscapeUtils.escapeJsonCWE-93, 113, and 117
org.apache.commons.text.StringEscapeUtils.escapeXml10CWE-80
org.apache.commons.text.StringEscapeUtils.escapeXml11CWE-80
org.apache.commons.lang.StringUtils.deleteWhitespaceCWE-93, 113, and 117
org.apache.commons.lang3.StringUtils.deleteWhitespaceCWE-93, 113, and 117
org.apache.commons.lang.StringUtils.normalizeSpaceCWE-93, 113, and 117
org.apache.commons.lang3.StringUtils.normalizeSpaceCWE-93, 113, and 117
org.apache.xerces.impl.dv.util.Base64.encodeCWE-80, 93, 113, and 117
${fn:escapeXml()} (org.apache.taglibs.standard.functions.Functions.escapeXml)CWE-80
org.apache.axis2.util.XMLUtils.base64encodeCWE-80, 93, 113, and 117
org.apache.xerces.impl.dv.util.Base64.encodeCWE-80, 93, 113, and 117
org.apache.xerces.impl.dv.util.HexBin.encodeCWE-80, 93, 113, and 117
org.keyczar.util.Base64Coder.encodeCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forCDATACWE-80
org.owasp.encoder.Encode.forCssStringCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forCssUrlCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forHtmlCWE-80
org.owasp.encoder.Encode.forHtmlAttributeCWE-80
org.owasp.encoder.Encode.forHtmlContentCWE-80
org.owasp.encoder.Encode.forHtmlUnquotedAttributeCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forJavaCWE-93, 113, and 117
org.owasp.encoder.Encode.forJavaScriptCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forJavaScriptAttributeCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forJavaScriptBlockCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forJavaScriptSourceCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forUriCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forUriComponentCWE-80, 93, 113, and 117
org.owasp.encoder.Encode.forXmlCWE-80
org.owasp.encoder.Encode.forXmlAttributeCWE-80
org.owasp.encoder.Encode.forXmlCommentCWE-80
org.owasp.encoder.Encode.forXmlContentCWE-80
org.owasp.esapi.Encoder.encodeForBase64CWE-80, 93, 113, and 117
org.owasp.esapi.Encoder.encodeForCSSCWE-80, 93, 113, and 117
org.owasp.esapi.Encoder.encodeForDNCWE-90
org.owasp.esapi.Encoder.encodeForHTMLCWE-80, 93, 113, and 117
org.owasp.esapi.Encoder.encodeForHTMLAttributeCWE-80, 93, 113, and 117
org.owasp.esapi.Encoder.encodeForJavaScriptCWE-80, 93, 113, and 117
org.owasp.esapi.Encoder.encodeForLDAPCWE-90
org.owasp.esapi.Encoder.encodeForURLCWE-80, 93, 113, and 117
org.owasp.esapi.Encoder.encodeForXMLCWE-80, 93, 113, and 117
org.owasp.esapi.Encoder.encodeForXMLAttributeCWE-80, 93, 113, and 117
org.owasp.esapi.interfaces.IEncoder.encodeForDNCWE-90
org.owasp.esapi.interfaces.IEncoder.encodeForLDAPCWE-90
org.owasp.esapi.StringUtilities.replaceLinearWhiteSpaceCWE-93, 113, and 117
org.owasp.esapi.StringUtilities.stripControlsCWE-93, 113, and 117
org.owasp.reform.Reform.HtmlAttributeEncodeCWE-80, 93, 113, and 117
org.owasp.reform.Reform.HtmlEncodeCWE-80, 93, 113, and 117
org.owasp.reform.Reform.JsStringCWE-80, 93, 113, and 117
org.owasp.reform.Reform.VbsStringCWE-80, 93, 113, and 117
org.owasp.reform.Reform.XmlAttributeEncodeCWE-80, 93, 113, and 117
org.owasp.reform.Reform.XmlEncodeCWE-80, 93, 113, and 117
org.owasp.esapi.interfaces.IEncoder.encodeForHTMLCWE-80, 93, 113, and 117
org.owasp.esapi.interfaces.IEncoder.encodeForHTMLAttributeCWE-80, 93, 113, and 117
org.owasp.esapi.interfaces.IEncoder.encodeForJavascriptCWE-80, 93, 113, and 117
org.owasp.esapi.interfaces.IEncoder.encodeForXMLCWE-80, 93, 113, and 117
org.owasp.esapi.interfaces.IEncoder.encodeForXMLAttributeCWE-80, 93, 113, and 117
org.owasp.esapi.interfaces.IEncoder.encodeForURLCWE-80, 93, 113, and 117
org.owasp.esapi.interfaces.IEncoder.encodeForBase64CWE-80, 93, 113, and 117
org.owasp.esapi.reference.DefaultEncoder.encodeForBase64CWE-80, 93, 113, and 117
org.owasp.esapi.reference.DefaultEncoder.encodeForCSSCWE-80, 93, 113, and 117
org.owasp.esapi.reference.DefaultEncoder.encodeForHTMLCWE-80, 93, 113, and 117
org.owasp.esapi.reference.DefaultEncoder.encodeForHTMLAttributeCWE-80, 93, 113, and 117
org.owasp.esapi.reference.DefaultEncoder.encodeForJavaScriptCWE-80, 93, 113, and 117
org.owasp.esapi.reference.DefaultEncoder.encodeForURLCWE-80, 93, 113, and 117
org.owasp.esapi.reference.DefaultEncoder.encodeForXMLCWE-80, 93, 113, and 117
org.owasp.esapi.reference.DefaultEncoder.encodeForXMLAttributeCWE-80, 93, 113, and 117
org.w3c.tidy.servlet.util.HTMLEncode.EncodeCWE-80
org.w3c.tidy.servlet.util.HTMLEncode.EncodeHREFQueryCWE-80
org.springframework.util.StringUtils.trimAllWhitespaceCWE-93, 113, and 117
org.springframework.web.util.HtmlUtils.htmlEscapeCWE-80
org.springframework.web.util.HtmlUtils.htmlEscapeDecimalCWE-80
org.springframework.web.util.HtmlUtils.htmlEscapeHexCWE-80
org.springframework.web.util.UriUtils.encodeCWE-80, 93, 113, and 117
org.springframework.web.util.UriUtils.encodeAuthorityCWE-93, 113, and 117
org.springframework.web.util.UriUtils.encodeFragmentCWE-93, 113, and 117
org.springframework.web.util.UriUtils.encodeHostCWE-93, 113, and 117
org.springframework.web.util.UriUtils.encodePathCWE-93, 113, and 117
org.springframework.web.util.UriUtils.encodePathSegmentCWE-93, 113, and 117
org.springframework.web.util.UriUtils.encodePortCWE-80, 93, 113, and 117
org.springframework.web.util.UriUtils.encodeQueryCWE-93, 113, and 117
org.springframework.web.util.UriUtils.encodeQueryParamCWE-93, 113, and 117
org.springframework.web.util.UriUtils.encodeSchemeCWE-80, 93, 113, and 117
org.springframework.web.util.UriUtils.encodeUserInfoCWE-93, 113, and 117
sun.misc.BASE64encoder.EncodeCWE-80, 93, 113, and 117
sun.misc.BASE64encoder.EncodeStringCWE-80, 93, 113, and 117