/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// Package of the utility classes; this compilation unit defines util.HTMLFilter.
package util;

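/**
 * HTML filter utility.
 *
 * <p>{@link #filter(String)} applies HTML output encoding to a string so that
 * it can be embedded in an HTML document as text content or as a quoted
 * attribute value without the browser interpreting it as markup. The
 * characters {@code <}, {@code >}, {@code &}, {@code "} and {@code '} are
 * replaced by entity references; every other character is copied through
 * unchanged. This is an HTML encoder only: it is not suitable for data placed
 * into JavaScript, CSS or URL contexts, which need their own encoding.
 *
 * @author Craig R. McClanahan
 * @author Tim Tye
 * @version $Revision: 467217 $ $Date: 2006-10-24 05:14:34 +0200 (Tue, 24 Oct 2006) $
 */
public final class HTMLFilter {

    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML. This avoids potential attacks caused by including JavaScript
     * codes in the request URL that is often reported in error messages.
     *
     * <p>Each of {@code <}, {@code >}, {@code &}, {@code "} and {@code '} is
     * replaced by its entity reference ({@code &lt; &gt; &amp; &quot; &#39;});
     * all other characters are appended as-is. Input that already contains
     * entity references is encoded again (an {@code &} is never passed
     * through), so the result is safe whether or not the caller pre-encoded
     * the message; it is the caller's job not to encode twice.
     *
     * @param message The message string to be filtered, may be {@code null}
     * @return the HTML-encoded string, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {
        if (message == null) {
            return null;
        }

        int length = message.length();
        // A little headroom so a message with a handful of sensitive
        // characters does not force the builder to grow.
        StringBuilder result = new StringBuilder(length + 50);
        for (int i = 0; i < length; i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    // Must be encoded: otherwise a literal "&lt;" in the input
                    // would be decoded by the browser back into "<".
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                case '\'':
                    // Numeric reference rather than &apos;, which is not part
                    // of HTML 4; needed when the output lands inside a
                    // single-quoted attribute value.
                    result.append("&#39;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }

}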