Class EppXmlSanitizer

java.lang.Object
google.registry.flows.EppXmlSanitizer

public class EppXmlSanitizer extends Object
Sanitizes sensitive data in incoming/outgoing EPP XML messages.

Current implementation masks user credentials (text following <pw> and <newPW> tags) as follows:

  • A control character (in ranges [0 - 1F] and [7F - 9F]) is replaced with 'C'.
  • Everything else is replaced with '*'.

Invalid XML text is not sanitized, and returned as is.

  • Constructor Details

    • EppXmlSanitizer

      public EppXmlSanitizer()
  • Method Details

    • sanitizeEppXml

      public static String sanitizeEppXml(byte[] inputXmlBytes)
      Returns sanitized EPP XML message. For malformed XML messages, base64-encoded raw bytes will be returned.

      The output always begins with version and encoding declarations no matter if the input includes them. If encoding is not declared by input, UTF-8 will be used according to XML standard.

      Also, an empty element will be formatted as <tag></tag> instead of <tag/>.