55 lines
1.6 KiB
Plaintext
55 lines
1.6 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
With https://github.com/samskivert/jmustache[JMustache by samskivert]:
|
|
|
|
----
|
|
Mustache.compiler().escapeHTML(false).compile(template).execute(context); // Sensitive
|
|
Mustache.compiler().withEscaper(Escapers.NONE).compile(template).execute(context); // Sensitive
|
|
----
|
|
With https://freemarker.apache.org/[Freemarker]:
|
|
|
|
----
|
|
freemarker.template.Configuration configuration = new freemarker.template.Configuration();
|
|
configuration.setAutoEscapingPolicy(DISABLE_AUTO_ESCAPING_POLICY); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
With https://github.com/samskivert/jmustache[JMustache by samskivert]:
|
|
|
|
[source,java]
|
|
----
|
|
Mustache.compiler().compile(template).execute(context); // Compliant, auto-escaping is enabled by default
|
|
Mustache.compiler().escapeHTML(true).compile(template).execute(context); // Compliant
|
|
----
|
|
With https://freemarker.apache.org/[Freemarker]. See https://freemarker.apache.org/docs/api/freemarker/template/Configuration.html#setAutoEscapingPolicy-int-["setAutoEscapingPolicy" documentation] for more details.
|
|
|
|
[source,java]
|
|
----
|
|
freemarker.template.Configuration configuration = new freemarker.template.Configuration();
|
|
configuration.setAutoEscapingPolicy(ENABLE_IF_DEFAULT_AUTO_ESCAPING_POLICY); // Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|