HTMLFilter xref

View Javadoc

1   /*
2   * Copyright 2004 The Apache Software Foundation
3   *
4   * Licensed under the Apache License, Version 2.0 (the "License");
5   * you may not use this file except in compliance with the License.
6   * You may obtain a copy of the License at
7   *
8   *     http://www.apache.org/licenses/LICENSE-2.0
9   *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16  
17  package util;
18  
19  /**
20   * HTML filter utility.
21   *
22   * @author Craig R. McClanahan
23   * @author Tim Tye
24   * @version $Revision: 267129 $ $Date: 2004-03-18 08:40:35 -0800 (Thu, 18 Mar 2004) $
25   */
26  
27  public final class HTMLFilter {
28  
29  
30      /**
31       * Filter the specified message string for characters that are sensitive
32       * in HTML.  This avoids potential attacks caused by including JavaScript
33       * codes in the request URL that is often reported in error messages.
34       *
35       * @param message The message string to be filtered
36       */
37      public static String filter(String message) {
38  
39          if (message == null)
40              return (null);
41  
42          char content[] = new char[message.length()];
43          message.getChars(0, message.length(), content, 0);
44          StringBuffer result = new StringBuffer(content.length + 50);
45          for (int i = 0; i < content.length; i++) {
46              switch (content[i]) {
47              case '<':
48                  result.append("&lt;");
49                  break;
50              case '>':
51                  result.append("&gt;");
52                  break;
53              case '&':
54                  result.append("&amp;");
55                  break;
56              case '"':
57                  result.append("&quot;");
58                  break;
59              default:
60                  result.append(content[i]);
61              }
62          }
63          return (result.toString());
64  
65      }
66  
67  
68  }
69