OWASP
diff --git a/‎core/src/main/java/org/owasp/encoder/CDATAEncoder.java‎
Lines changed: 62 additions & 63 deletions b/‎core/src/main/java/org/owasp/encoder/CDATAEncoder.java‎
Lines changed: 62 additions & 63 deletions
diff --git a/‎core/src/main/java/org/owasp/encoder/EncodedWriter.java‎
Lines changed: 25 additions & 40 deletions b/‎core/src/main/java/org/owasp/encoder/EncodedWriter.java‎
Lines changed: 25 additions & 40 deletions
@@ -31,37 +31,38 @@
 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 // OF THE POSSIBILITY OF SUCH DAMAGE.
-
 package org.owasp.encoder;
 
 import java.nio.CharBuffer;
 import java.nio.charset.CoderResult;
 
 /**
- * CDATAEncoder -- encoder for CDATA sections.  CDATA sections are generally
- * good for including large blocks of text that contain characters that
- * normally require encoding (ampersand, quotes, less-than, etc...).  The
- * CDATA context however still does not allow invalid characters, and can
- * be closed by the sequence "]]>".  This encoder removes invalid XML
- * characters, and encodes "]]>" (to "]]>]]&lt;![CDATA[>").  The result is
- * that the data integrity is maintained, but the code receiving the output
- * will have to handle multiple CDATA events with character events between.
- * As an alternate approach, the caller could pre-encode "]]>" to something
- * of their choosing (e.g. data.replaceAll("\\]\\]>", "]] >")), then use
- * this encoder to remove any invalid XML characters.
+ * CDATAEncoder -- encoder for CDATA sections. CDATA sections are generally good for including large blocks of text that contain
+ * characters that normally require encoding (ampersand, quotes, less-than, etc...). The CDATA context however still does not
+ * allow invalid characters, and can be closed by the sequence "]]>". This encoder removes invalid XML characters, and encodes
+ * "]]>" (to "]]>]]&lt;![CDATA[>"). The result is that the data integrity is maintained, but the code receiving the output will
+ * have to handle multiple CDATA events with character events between. As an alternate approach, the caller could pre-encode "]]>"
+ * to something of their choosing (e.g. data.replaceAll("\\]\\]>", "]] >")), then use this encoder to remove any invalid XML
+ * characters.
  *
  * @author Jeff Ichnowski
  */
 class CDATAEncoder extends Encoder {
 
-    /** The encoding of @{code "]]>"}. */
-    private static final char[] CDATA_END_ENCODED =
-        "]]>]]<![CDATA[>".toCharArray();
+    /**
+     * The encoding of {@code "]]>"}.
+     */
+    private static final char[] CDATA_END_ENCODED
+            = "]]>]]<![CDATA[>".toCharArray();
 
-    /** Length of {@code "]]>]]<![CDATA[>"}. */
+    /**
+     * Length of {@code "]]>]]<![CDATA[>"}.
+     */
     private static final int CDATA_END_ENCODED_LENGTH = 15;
 
-    /** Length of {@code "]]>"}. */
+    /**
+     * Length of {@code "]]>"}.
+     */
     private static final int CDATA_END_LENGTH = 3;
 
     @Override
@@ -83,35 +84,37 @@ protected int maxEncodedLength(int n) {
     @Override
     protected int firstEncodedOffset(String input, int off, int len) {
         final int n = off + len;
-        int closeCount = 0;
-        for (int i=off ; i<n ; ++i) {
+        //int closeCount = 0; //unused...
+        for (int i = off; i < n; ++i) {
             char ch = input.charAt(i);
             if (ch <= Unicode.MAX_ASCII) {
                 if (ch != ']') {
-                    if (ch >= ' ' || ch == '\n' || ch == '\r' || ch == '\t') {
-                        // valid
-                    } else {
+                    if (ch < ' ' && ch != '\n' && ch != '\r' && ch != '\t') {
                         return i;
+//                    } else {
+//                        // valid
                     }
+
                 } else {
-                    if (i+1 < n) {
-                        if (input.charAt(i+1) != ']') {
+                    if (i + 1 < n) {
+                        if (input.charAt(i + 1) != ']') {
                             // "]x" (next character is safe for this to be ']')
                         } else {
                             // "]]?"
                             // keep looping through ']'
-                            for ( ; i+2 < n && input.charAt(i+2) == ']' ; ++i) {
+                            for (; i + 2 < n && input.charAt(i + 2) == ']'; ++i) {
                                 // valid
                             }
                             // at this point we've looped through a sequence
                             // of 2 or more "]", if the next character is ">"
                             // we need to encode "]]>".
-                            if (i+2 < n) {
-                                if (input.charAt(i+2) == '>') {
+                            if (i + 2 < n) {
+                                if (input.charAt(i + 2) == '>') {
                                     return i;
-                                } else {
-                                    // valid
+//                                } else {
+//                                    // valid
                                 }
+
                             } else {
                                 return n;
                             }
@@ -121,15 +124,15 @@ protected int firstEncodedOffset(String input, int off, int len) {
                     }
                 }
             } else if (ch < Character.MIN_HIGH_SURROGATE) {
-                if (ch > Unicode.MAX_C1_CTRL_CHAR || ch == Unicode.NEL) {
-                    // valid
-                } else {
+                if (ch <= Unicode.MAX_C1_CTRL_CHAR && ch != Unicode.NEL) {
                     return i;
+//                } else {
+//                    // valid
                 }
             } else if (ch <= Character.MAX_HIGH_SURROGATE) {
-                if (i+1 < n) {
-                    if (Character.isLowSurrogate(input.charAt(i+1))) {
-                        int cp = Character.toCodePoint(ch, input.charAt(i+1));
+                if (i + 1 < n) {
+                    if (Character.isLowSurrogate(input.charAt(i + 1))) {
+                        int cp = Character.toCodePoint(ch, input.charAt(i + 1));
                         if (Unicode.isNonCharacter(cp)) {
                             return i;
                         } else {
@@ -143,16 +146,14 @@ protected int firstEncodedOffset(String input, int off, int len) {
                     // end of input, high without low = invalid
                     return i;
                 }
-            } else if (
-                    // low surrogate without preceding high surrogate
-                    ch <= Character.MAX_LOW_SURROGATE ||
-                    // non characters
-                    ch > '\ufffd' ||
-                    ('\ufdd0' <= ch && ch <= '\ufdef'))
-            {
+            } else if ( // low surrogate without preceding high surrogate
+                    ch <= Character.MAX_LOW_SURROGATE
+                    || // non characters
+                    ch > '\ufffd'
+                    || ('\ufdd0' <= ch && ch <= '\ufdef')) {
                 return i;
-            } else {
-                // valid
+//            } else {
+//                // valid
             }
 
         }
@@ -168,7 +169,7 @@ protected CoderResult encodeArrays(CharBuffer input, CharBuffer output, boolean
         int j = output.arrayOffset() + output.position();
         final int m = output.arrayOffset() + output.limit();
 
-        for ( ; i<n ; ++i) {
+        for (; i < n; ++i) {
             char ch = in[i];
             if (ch <= Unicode.MAX_ASCII) {
                 if (ch != ']') {
@@ -181,8 +182,8 @@ protected CoderResult encodeArrays(CharBuffer input, CharBuffer output, boolean
                         out[j++] = XMLEncoder.INVALID_CHARACTER_REPLACEMENT;
                     }
                 } else {
-                    if (i+1 < n) {
-                        if (in[i+1] != ']') {
+                    if (i + 1 < n) {
+                        if (in[i + 1] != ']') {
                             // "]x" (next character is safe for this to be ']')
                             if (j >= m) {
                                 return overflow(input, i, output, j);
@@ -191,7 +192,7 @@ protected CoderResult encodeArrays(CharBuffer input, CharBuffer output, boolean
                         } else {
                             // "]]?"
                             // keep looping through ']'
-                            for ( ; i+2 < n && in[i+2] == ']' ; ++i) {
+                            for (; i + 2 < n && in[i + 2] == ']'; ++i) {
                                 if (j >= m) {
                                     return overflow(input, i, output, j);
                                 }
@@ -200,9 +201,9 @@ protected CoderResult encodeArrays(CharBuffer input, CharBuffer output, boolean
                             // at this point we've looped through a sequence
                             // of 2 or more "]", if the next character is ">"
                             // we need to encode "]]>".
-                            if (i+2 < n) {
-                                if (in[i+2] == '>') {
-                                    if (j+CDATA_END_ENCODED_LENGTH > m) {
+                            if (i + 2 < n) {
+                                if (in[i + 2] == '>') {
+                                    if (j + CDATA_END_ENCODED_LENGTH > m) {
                                         return overflow(input, i, output, j);
                                     }
                                     System.arraycopy(CDATA_END_ENCODED, 0, out, j, CDATA_END_ENCODED_LENGTH);
@@ -215,7 +216,7 @@ protected CoderResult encodeArrays(CharBuffer input, CharBuffer output, boolean
                                     out[j++] = ']';
                                 }
                             } else if (endOfInput) {
-                                if (j+2 > m) {
+                                if (j + 2 > m) {
                                     return overflow(input, i, output, j);
                                 }
                                 out[j++] = ']';
@@ -252,17 +253,17 @@ protected CoderResult encodeArrays(CharBuffer input, CharBuffer output, boolean
                     out[j++] = XMLEncoder.INVALID_CHARACTER_REPLACEMENT;
                 }
             } else if (ch <= Character.MAX_HIGH_SURROGATE) {
-                if (i+1 < n) {
-                    if (Character.isLowSurrogate(in[i+1])) {
-                        int cp = Character.toCodePoint(ch, in[i+1]);
+                if (i + 1 < n) {
+                    if (Character.isLowSurrogate(in[i + 1])) {
+                        int cp = Character.toCodePoint(ch, in[i + 1]);
                         if (Unicode.isNonCharacter(cp)) {
                             if (j >= m) {
                                 return overflow(input, i, output, j);
                             }
                             out[j++] = XMLEncoder.INVALID_CHARACTER_REPLACEMENT;
                             ++i;
                         } else {
-                            if (j+1 >= m) {
+                            if (j + 1 >= m) {
                                 return overflow(input, i, output, j);
                             }
                             out[j++] = ch;
@@ -284,13 +285,11 @@ protected CoderResult encodeArrays(CharBuffer input, CharBuffer output, boolean
                 } else {
                     break;
                 }
-            } else if (
-                    // low surrogate without preceding high surrogate
-                    ch <= Character.MAX_LOW_SURROGATE ||
-                    // non characters
-                    ch > '\ufffd' ||
-                    ('\ufdd0' <= ch && ch <= '\ufdef'))
-            {
+            } else if ( // low surrogate without preceding high surrogate
+                    ch <= Character.MAX_LOW_SURROGATE
+                    || // non characters
+                    ch > '\ufffd'
+                    || ('\ufdd0' <= ch && ch <= '\ufdef')) {
                 if (j >= m) {
                     return overflow(input, i, output, j);
                 }
 
@@ -31,7 +31,6 @@
 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 // OF THE POSSIBILITY OF SUCH DAMAGE.
-
 package org.owasp.encoder;
 
 import java.io.IOException;
@@ -40,20 +39,19 @@
 import java.nio.charset.CoderResult;
 
 /**
- * EncodedWriter -- A writer the encodes all input for a specific
- * context and writes the encoded output to another writer.
+ * EncodedWriter -- A writer that encodes all input for a specific context and writes the encoded output to another writer.
  *
  * @author Jeff Ichnowski
  */
 public class EncodedWriter extends Writer {
 
     /**
      * Buffer size to allocate.
-     * */
+     *
+     */
     static final int BUFFER_SIZE = 1024;
     /**
-     * Buffer to use for handling characters remaining in the input
-     * buffer after an encode.  The value is set high enough to handle
+     * Buffer to use for handling characters remaining in the input buffer after an encode. The value is set high enough to handle
      * the lookaheads of all the encoders in the package.
      */
     static final int LEFT_OVER_BUFFER = 16;
@@ -69,44 +67,37 @@ public class EncodedWriter extends Writer {
     private Encoder _encoder;
 
     /**
-     * Where encoded output is buffered before sending on to the
-     * output writer.
+     * Where encoded output is buffered before sending on to the output writer.
      */
     private CharBuffer _buffer = CharBuffer.allocate(BUFFER_SIZE);
 
     /**
-     * Some encoders require more input or an explicit end-of-input
-     * flag before they will process the remaining characters of an
-     * input buffer.  Because the writer API cannot pass this
-     * information on to the caller (e.g. by returning how many bytes
-     * were actually written), this writer implementation must buffer
-     * up the remaining characters between calls.  The
-     * <code>_hasLeftOver</code> boolean is a flag used to indicate
-     * that there are left over characters in the buffer.
+     * Some encoders require more input or an explicit end-of-input flag before they will process the remaining characters of an
+     * input buffer. Because the writer API cannot pass this information on to the caller (e.g. by returning how many bytes were
+     * actually written), this writer implementation must buffer up the remaining characters between calls. The
+     * <code>_hasLeftOver</code> boolean is a flag used to indicate that there are left over characters in the buffer.
      */
     private boolean _hasLeftOver;
 
     /**
-     * See comment on _hasLeftOver.  This buffer is created on-demand
-     * once.  Whether it has anything to flush is determined by the
+     * See comment on _hasLeftOver. This buffer is created on-demand once. Whether it has anything to flush is determined by the
      * _hasLeftOver flag.
      */
     private CharBuffer _leftOverBuffer;
 
     /**
-     * Creates an EncodedWriter that uses the specified encoder to
-     * encode all input before sending it to the wrapped writer.
+     * Creates an EncodedWriter that uses the specified encoder to encode all input before sending it to the wrapped writer.
      *
      * @param out the target for all writes
      * @param encoder the encoder to use
      */
     public EncodedWriter(Writer out, Encoder encoder) {
         super(out);
 
-        if (out == null) {
-            throw new NullPointerException("writer must not be null");
-        }
-
+//      Redundant null check: super(out) already checks for null and throws NPE.
+//        if (out == null) {
+//            throw new NullPointerException("writer must not be null");
+//        }
         if (encoder == null) {
             throw new NullPointerException("encoder must not be null");
         }
@@ -117,28 +108,26 @@ public EncodedWriter(Writer out, Encoder encoder) {
     }
 
     /**
-     * Creates an EncodedWriter that uses the specified encoder to
-     * encode all input before sending it to the wrapped writer.
-     * This method is equivalent to calling:
+     * Creates an EncodedWriter that uses the specified encoder to encode all input before sending it to the wrapped writer. This
+     * method is equivalent to calling:
      * <pre>
      *     new EncodedWriter(out, Encoders.forName(contextName));
      * </pre>
+     *
      * @param out the target for all writes
      * @param contextName the encoding context name.
-     * @throws UnsupportedContextException if the contextName is
-     * unrecognized or not supported.
+     * @throws UnsupportedContextException if the contextName is unrecognized or not supported.
      */
     public EncodedWriter(Writer out, String contextName)
-        throws UnsupportedContextException
-    {
+            throws UnsupportedContextException {
         this(out, Encoders.forName(contextName));
     }
 
     @Override
     public void write(char[] cbuf, int off, int len) throws IOException {
         synchronized (lock) {
             CharBuffer input = CharBuffer.wrap(cbuf);
-            input.limit(off+len).position(off);
+            input.limit(off + len).position(off);
 
             flushLeftOver(input);
 
@@ -163,8 +152,7 @@ public void write(char[] cbuf, int off, int len) throws IOException {
     }
 
     /**
-     * Flushes the contents of the buffer to the writer and resets the
-     * buffer to make room for more input.
+     * Flushes the contents of the buffer to the writer and resets the buffer to make room for more input.
      *
      * @throws IOException thrown by the wrapped output.
      */
@@ -174,17 +162,14 @@ private void flushBufferToWriter() throws IOException {
     }
 
     /**
-     * Flushes the left-over buffer.  Characters from the input buffer
-     * are used to add more data to the _leftOverBuffer in order to
+     * Flushes the left-over buffer. Characters from the input buffer are used to add more data to the _leftOverBuffer in order to
      * make the flush happen.
      *
-     * @param input the next input to encode, or null if at end of
-     * file.
+     * @param input the next input to encode, or null if at end of file.
      * @throws IOException from the underlying writer.
      */
     private void flushLeftOver(CharBuffer input)
-        throws IOException
-    {
+            throws IOException {
         if (!_hasLeftOver) {
             return;
         }