001    /*
002    * Licensed to the Apache Software Foundation (ASF) under one or more
003    * contributor license agreements.  See the NOTICE file distributed with
004    * this work for additional information regarding copyright ownership.
005    * The ASF licenses this file to You under the Apache License, Version 2.0
006    * (the "License"); you may not use this file except in compliance with
007    * the License.  You may obtain a copy of the License at
008    *
009    *     http://www.apache.org/licenses/LICENSE-2.0
010    *
011    * Unless required by applicable law or agreed to in writing, software
012    * distributed under the License is distributed on an "AS IS" BASIS,
013    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014    * See the License for the specific language governing permissions and
015    * limitations under the License.
016    */
017    
018    package util;
019    
020    /**
021     * HTML filter utility.
022     *
023     * @author Craig R. McClanahan
024     * @author Tim Tye
025     * @version $Revision: 514091 $ $Date: 2007-03-03 01:26:39 -0500 (Sat, 03 Mar 2007) $
026     */
027    
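public final class HTMLFilter {


    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML.  This avoids potential attacks caused by including JavaScript
     * codes in the request URL that is often reported in error messages.
     * <p>
     * The characters {@code <}, {@code >}, {@code &}, {@code "} and {@code '}
     * are replaced by their HTML entities, so the result is safe to embed in
     * element content and in double- or single-quoted attribute values.  It
     * is not sufficient on its own for other output contexts (URLs, script
     * blocks, CSS, unquoted attribute values), which need context-specific
     * encoding.
     *
     * @param message The message string to be filtered
     * @return the filtered string, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {

        if (message == null) {
            return null;
        }

        // Each replaced character grows by at most five characters; the extra
        // capacity avoids reallocation for typical short messages.  Reading
        // via charAt avoids copying the whole message into a scratch array.
        int length = message.length();
        StringBuilder result = new StringBuilder(length + 50);
        for (int i = 0; i < length; i++) {
            char c = message.charAt(i);
            switch (c) {
            case '<':
                result.append("&lt;");
                break;
            case '>':
                result.append("&gt;");
                break;
            case '&':
                result.append("&amp;");
                break;
            case '"':
                result.append("&quot;");
                break;
            case '\'':
                // &apos; is XML-only, not an HTML 4 named entity, so use the
                // numeric form.  Without this case the output could terminate
                // a single-quoted attribute value.
                result.append("&#39;");
                break;
            default:
                result.append(c);
            }
        }
        return result.toString();

    }


}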
070