HTMLFilter xref

View Javadoc

1   /*
2   * Copyright 2004 The Apache Software Foundation
3   *
4   * Licensed under the Apache License, Version 2.0 (the "License");
5   * you may not use this file except in compliance with the License.
6   * You may obtain a copy of the License at
7   *
8   *     http://www.apache.org/licenses/LICENSE-2.0
9   *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16  package util;
17  
18  /**
19   * HTML filter utility.
20   *
21   * @author Craig R. McClanahan
22   * @author Tim Tye
23   * @version $Revision: 267129 $ $Date: 2004-03-18 08:40:35 -0800 (Thu, 18 Mar 2004) $
24   */
25  
26  public final class HTMLFilter {
27  
28  
29      /**
30       * Filter the specified message string for characters that are sensitive
31       * in HTML.  This avoids potential attacks caused by including JavaScript
32       * codes in the request URL that is often reported in error messages.
33       *
34       * @param message The message string to be filtered
35       */
36      public static String filter(String message) {
37  
38          if (message == null)
39              return (null);
40  
41          char content[] = new char[message.length()];
42          message.getChars(0, message.length(), content, 0);
43          StringBuffer result = new StringBuffer(content.length + 50);
44          for (int i = 0; i < content.length; i++) {
45              switch (content[i]) {
46              case '<':
47                  result.append("&lt;");
48                  break;
49              case '>':
50                  result.append("&gt;");
51                  break;
52              case '&':
53                  result.append("&amp;");
54                  break;
55              case '"':
56                  result.append("&quot;");
57                  break;
58              default:
59                  result.append(content[i]);
60              }
61          }
62          return (result.toString());
63  
64      }
65  
66  
67  }
68