01: /* CVS ID: $Id: JavaScriptFilter.java,v 1.1.1.1 2002/10/02 18:42:54 wastl Exp $ */
02: package net.wastl.webmail.ui.html;
03:
04: import java.util.regex.*;
05:
06: /*
07: * JavaScriptFilter.java
08: *
09: * Created: Thu Oct 14 12:08:28 1999
10: *
11: * Copyright (C) 1999-2000 Sebastian Schaffert
12: *
13: * This program is free software; you can redistribute it and/or
14: * modify it under the terms of the GNU General Public License
15: * as published by the Free Software Foundation; either version 2
16: * of the License, or (at your option) any later version.
17: *
18: * This program is distributed in the hope that it will be useful,
19: * but WITHOUT ANY WARRANTY; without even the implied warranty of
20: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21: * GNU General Public License for more details.
22: *
23: * You should have received a copy of the GNU General Public License
24: * along with this program; if not, write to the Free Software
25: * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26: */
27:
28: /**
29: * Filter JavaScript content from HTML messages to avoid security problems.
30: *
31: * @author Sebastian Schaffert
32: * @version
33: */
34:
35: public class JavaScriptFilter {
36:
37: private static Pattern[] filter = new Pattern[3];
38: private static String[] substitution = new String[3];
39:
40: private static boolean initialized = false;
41:
42: public JavaScriptFilter() {
43:
44: }
45:
46: public static void init() {
47: try {
48: filter[0] = Pattern.compile("<\\s*SCRIPT[^>]*>",
49: Pattern.CASE_INSENSITIVE);
50: filter[1] = Pattern.compile("<\\s*\\/SCRIPT[^>]*>",
51: Pattern.CASE_INSENSITIVE);
52: filter[2] = Pattern
53: .compile(
54: "<\\s*A +HREF *=.*\"(javascript:[^\"]*)\"[^>]*>([^<]+)</A>",
55: Pattern.CASE_INSENSITIVE);
56:
57: substitution[0] = "<P><FONT color=\"red\">WebMail security: JavaScript filtered</FONT>:<BR>\n<HR>\n<FONT COLOR=\"orange\"><PRE>";
58: substitution[1] = "</PRE></FONT><HR><FONT color=\"red\">JavaScript end</FONT><P>";
59: substitution[2] = "<FONT COLOR=\"red\">WebMail security: JavaScript link filtered:</FONT> <FONT COLOR=\"orange\">$1</FONT> $2 ";
60: // Link highlighting
61: //uri=new RE("http\\:\\/\\/(.+)(html|\\/)(\\S|\\-|\\+|\\.|\\\|\\:)");
62: initialized = true;
63: } catch (Exception e) {
64: e.printStackTrace();
65: }
66: }
67:
68: public static String apply(String s) {
69: if (!initialized) {
70: init();
71: }
72: String retval = s;
73: for (int i = 0; i < filter.length; i++) {
74: Matcher m = filter[i].matcher(retval);
75: retval = m.replaceAll(substitution[i]);
76: }
77: return retval;
78: }
79:
80: } // JavaScriptFilter
|