/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package util;

/**
 * HTML filter utility: escapes the characters that are significant in HTML
 * markup so that untrusted text can be echoed into a page as literal text.
 *
 * @author Craig R. McClanahan
 * @author Tim Tye
 * @version $Revision: 467217 $ $Date: 2006-10-24 05:14:34 +0200 (Tue, 24 Oct 2006) $
 */

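public final class HTMLFilter {

    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML. This avoids potential attacks caused by including JavaScript
     * codes in the request URL that is often reported in error messages.
     *
     * <p>Each of {@code <}, {@code >}, {@code &}, {@code "} and {@code '} is
     * replaced by its character reference, so the result can be placed in
     * HTML element content or in an attribute value quoted with either
     * {@code "} or {@code '}. This is <em>not</em> sufficient on its own for
     * other output contexts (inside a {@code <script>} block, a URL, a CSS
     * value, or an unquoted attribute); those need their own context-specific
     * encoding in addition to, or instead of, this one.
     *
     * @param message The message string to be filtered; may be {@code null}
     * @return the escaped string, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {
        if (message == null) {
            return null;
        }

        // The buffer never leaves this method, so an unsynchronized
        // StringBuilder is sufficient. Over-allocate a little so that the
        // usual handful of escapes does not force a resize.
        StringBuilder result = new StringBuilder(message.length() + 50);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                case '\'':
                    // Numeric reference rather than &apos;, which is not an
                    // HTML 4 entity and is not recognised by every parser.
                    result.append("&#39;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }

}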