June 2017 - Redino blog

Some XSS attacks can be prevented by using HTML Encoding.

HTML encoding function is built into many languages, In .NET WebUtility.HtmlEncode can do it, in PHP we can use htmlentites function, in Python cgi.escape can be used.

But there is no built-in function to do HTML Encode (or HTML Entities) in Java.

We can use Apache Commons Lang library to do this work.

import org.apache.commons.lang.StringEscapeUtils;

System.out.println(StringEscapeUtils.escapeHtml("<>"));

import org.apache.commons.lang.StringEscapeUtils;

System.out.println(StringEscapeUtils.escapeHtml("<>"));

Above code will output following result using HTML Encoding

<>

Note that not all XSS attacks can be prevented by HTML encoding (https://stackoverflow.com/questions/53728/will-html-encoding-prevent-all-kinds-of-xss-attacks).

Solution

To get row count of a sheet (no matter the row is empty or not), we should use getLastRowNum() method.

So above code can be changed to

        for(int i=0; i<=sheet.getLastRowNum(); i++){
            Row row = sheet.getRow(i);
            if(row == null || row.getCell(0) == null){
                System.out.println(row.getCell(0).getStringCellValue());
            }
        }

for(int i=0; i<=sheet.getLastRowNum(); i++){

Row row = sheet.getRow(i);

if(row == null || row.getCell(0) == null){

System.out.println(row.getCell(0).getStringCellValue());

}

Because getLastRowNum() method returns 0-based row index, so we use i<=sheet.getLastRowNum() as the loop condition.

Dom4j is a XML processing library which supports XPath, DOM, SAX, JAXP. In this post we will see a problem that dom4j could not write document to file.

Following XML is sample data which we will save to file using dom4j.

<?xml version="1.0" encoding="UTF-8"?>
<root>
    <payment creator_id="4"/>
</root>

<?xml version="1.0" encoding="UTF-8"?>

<root>

</root>

To generate above XML and write it to file, following code will be used

Document doc = DocumentHelper.createDocument();
Element root = doc.addElement("root");
root.addElement("payment").addAttribute("creator_id", 4);
FileWriter writer = new FileWriter("payments.xml");
doc.write(writer);

Document doc = DocumentHelper.createDocument();

Element root = doc.addElement("root");

root.addElement("payment").addAttribute("creator_id", 4);

FileWriter writer = new FileWriter("payments.xml");

doc.write(writer);

Above code may generate an empty file with no content.

This is because the content is stored in buffer and not really written to file when calling write method. To write to file, we should call flush method or close method.

So above code should be changed to

Document doc = DocumentHelper.createDocument();
Element root = doc.addElement("root");
root.addElement("payment").addAttribute("creator_id", 4);
FileWriter writer = new FileWriter("payments.xml");
doc.write(writer);
doc.flush();

Document doc = DocumentHelper.createDocument();

Element root = doc.addElement("root");

root.addElement("payment").addAttribute("creator_id", 4);

FileWriter writer = new FileWriter("payments.xml");

doc.write(writer);

doc.flush();

Document doc = DocumentHelper.createDocument();
Element root = doc.addElement("root");
root.addElement("payment").addAttribute("creator_id", 4);
FileWriter writer = new FileWriter("payments.xml");
doc.write(writer);
doc.close();

Document doc = DocumentHelper.createDocument();

Element root = doc.addElement("root");

root.addElement("payment").addAttribute("creator_id", 4);

FileWriter writer = new FileWriter("payments.xml");

doc.write(writer);

doc.close();

Month: June 2017

Java HTML Encoding (HTML Entities)

Apache POI Sheet.getPhysicalNumberOfRows()

Solution

Dom4j Writing File Not Working