001: /*
002: * $Header: /home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/util/HTMLFilter.java,v 1.1 2002/04/23 15:17:25 remm Exp $
003: * $Revision: 1.1 $
004: * $Date: 2002/04/23 15:17:25 $
005: *
006: * ====================================================================
007: *
008: * The Apache Software License, Version 1.1
009: *
010: * Copyright (c) 1999 The Apache Software Foundation. All rights
011: * reserved.
012: *
013: * Redistribution and use in source and binary forms, with or without
014: * modification, are permitted provided that the following conditions
015: * are met:
016: *
017: * 1. Redistributions of source code must retain the above copyright
018: * notice, this list of conditions and the following disclaimer.
019: *
020: * 2. Redistributions in binary form must reproduce the above copyright
021: * notice, this list of conditions and the following disclaimer in
022: * the documentation and/or other materials provided with the
023: * distribution.
024: *
025: * 3. The end-user documentation included with the redistribution, if
026: * any, must include the following acknowlegement:
027: * "This product includes software developed by the
028: * Apache Software Foundation (http://www.apache.org/)."
029: * Alternately, this acknowlegement may appear in the software itself,
030: * if and wherever such third-party acknowlegements normally appear.
031: *
032: * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
033: * Foundation" must not be used to endorse or promote products derived
034: * from this software without prior written permission. For written
035: * permission, please contact apache@apache.org.
036: *
037: * 5. Products derived from this software may not be called "Apache"
038: * nor may "Apache" appear in their names without prior written
039: * permission of the Apache Group.
040: *
041: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
042: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
043: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
044: * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
045: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
046: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
047: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
048: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
049: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
050: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
051: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
052: * SUCH DAMAGE.
053: * ====================================================================
054: *
055: * This software consists of voluntary contributions made by many
056: * individuals on behalf of the Apache Software Foundation. For more
057: * information on the Apache Software Foundation, please see
058: * <http://www.apache.org/>.
059: *
060: * [Additional notices, if required by prior licensing conditions]
061: *
062: */
063:
064: package util;
065:
066: /**
067: * HTML filter utility.
068: *
069: * @author Craig R. McClanahan
070: * @author Tim Tye
071: * @version $Revision: 1.1 $ $Date: 2002/04/23 15:17:25 $
072: */
073:
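public final class HTMLFilter {

    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML, so that untrusted text (for example a request URL echoed back
     * in an error message) is rendered as literal text rather than parsed
     * as markup or script.
     *
     * <p>Replaces {@code <}, {@code >}, {@code &}, {@code "} and {@code '}
     * with the corresponding HTML character references. The apostrophe is
     * escaped as well because it terminates single-quoted attribute values;
     * {@code &#39;} is used rather than {@code &apos;}, which older HTML
     * parsers do not recognise. All other characters pass through unchanged.
     *
     * @param message The message string to be filtered; may be {@code null}
     * @return the escaped string, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {

        if (message == null) {
            return null;
        }

        // Escaped output is at most 6x the input; +50 avoids regrowth for
        // short strings with a few sensitive characters.
        int length = message.length();
        StringBuffer result = new StringBuffer(length + 50);
        for (int i = 0; i < length; i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    // Must be escaped too, otherwise an input that already
                    // looks like a reference would be decoded by the browser.
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                case '\'':
                    result.append("&#39;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();

    }

}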