/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// Declared package of the HTMLFilter utility class below.
package util;
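/**
 * HTML filter utility.
 *
 * @author Craig R. McClanahan
 * @author Tim Tye
 * @version $Revision: 467217 $ $Date: 2006-10-24 05:14:34 +0200 (Tue, 24 Oct 2006) $
 */
public final class HTMLFilter {

    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML. This avoids potential attacks caused by including JavaScript
     * codes in the request URL that is often reported in error messages.
     * <p>
     * The characters {@code <}, {@code >}, {@code &}, {@code "} and {@code '}
     * are replaced by their HTML entity references; every other character is
     * copied through unchanged. The result is safe to embed in HTML element
     * content and in single- or double-quoted attribute values. It is not an
     * escape for JavaScript, CSS or URL contexts, which need their own encoding.
     *
     * @param message The message string to be filtered
     * @return the filtered string, or {@code null} if {@code message} is {@code null}
     */
    public static String filter(String message) {
        if (message == null) {
            return null;
        }
        // Escaping can only grow the string; reserve a little headroom up front.
        StringBuilder result = new StringBuilder(message.length() + 50);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                case '\'':
                    // Numeric reference rather than &apos;, which HTML 4 does not define.
                    result.append("&#39;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }

}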