001: /*
002: * Copyright 1999-2004 The Apache Software Foundation
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016:
017: package org.apache.tomcat.util.http;
018:
019: import org.apache.tomcat.util.res.StringManager;
020:
021: /**
022: * Handle (internationalized) HTTP messages.
023: *
024: * @author James Duncan Davidson [duncan@eng.sun.com]
025: * @author James Todd [gonzo@eng.sun.com]
026: * @author Jason Hunter [jch@eng.sun.com]
027: * @author Harish Prabandham
028: * @author costin@eng.sun.com
029: */
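public class HttpMessages {
    // XXX move message resources in this package
    protected static StringManager sm = StringManager
            .getManager("org.apache.tomcat.util.http.res");

    // Lazily populated caches for the most frequently used status strings.
    // The fields are neither volatile nor synchronized; two threads may both
    // perform the lookup, which is harmless provided sm.getString() returns
    // an equal string for the same key (assumed; confirm against StringManager).
    static String st_200 = null;
    static String st_302 = null;
    static String st_400 = null;
    static String st_404 = null;

    /**
     * Get the status string associated with a status code.
     * No I18N - return the messages defined in the HTTP spec.
     * (The user isn't supposed to see them; this is the last
     * thing to translate.)
     *
     * Common messages (200, 302, 400, 404) are cached after the first lookup.
     *
     * @param status the HTTP status code
     * @return the string stored under the resource key {@code "sc." + status};
     *         what is returned for a code with no such key is decided by
     *         {@code StringManager} and cannot be told from this class
     */
    public static String getMessage(int status) {
        // method from Response.

        // Does HTTP require/allow international messages, or are they
        // pre-defined? The user doesn't see them most of the time.
        switch (status) {
            case 200:
                if (st_200 == null) {
                    st_200 = sm.getString("sc.200");
                }
                return st_200;
            case 302:
                if (st_302 == null) {
                    st_302 = sm.getString("sc.302");
                }
                return st_302;
            case 400:
                if (st_400 == null) {
                    st_400 = sm.getString("sc.400");
                }
                return st_400;
            case 404:
                if (st_404 == null) {
                    st_404 = sm.getString("sc.404");
                }
                return st_404;
            default:
                // Every other code is looked up on each call.
                return sm.getString("sc." + status);
        }
    }

    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML. This avoids potential attacks caused by including JavaScript
     * code in the request URL, which is often echoed in error messages.
     *
     * <p>The characters {@code <}, {@code >}, {@code &} and {@code "} are
     * replaced by their entity references, which must be written out in
     * full. If the entity names are lost (for example when this source is
     * copied from a rendered HTML page), each character is appended
     * unchanged and the method filters nothing.
     *
     * <p>The single quote is not escaped, so the result is suitable for
     * HTML element content and double-quoted attribute values only. It is
     * not suitable for single-quoted or unquoted attributes, script or
     * style blocks, or URLs.
     *
     * @param message The message string to be filtered
     * @return the filtered string, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {
        if (message == null) {
            return null;
        }

        int length = message.length();
        // Headroom of 50 chars avoids an early reallocation when a few
        // characters expand into entity references.
        StringBuffer result = new StringBuffer(length + 50);
        for (int i = 0; i < length; i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }

}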