001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: package org.apache.tomcat.util.http;
019:
020: import org.apache.tomcat.util.res.StringManager;
021:
022: /**
023: * Handle (internationalized) HTTP messages.
024: *
025: * @author James Duncan Davidson [duncan@eng.sun.com]
026: * @author James Todd [gonzo@eng.sun.com]
027: * @author Jason Hunter [jch@eng.sun.com]
028: * @author Harish Prabandham
029: * @author costin@eng.sun.com
030: */
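public class HttpMessages {
    // XXX move message resources in this package
    /** Resource bundle the status strings are read from, keyed as {@code "sc." + status}. */
    protected static StringManager sm = StringManager
            .getManager("org.apache.tomcat.util.http.res");

    // Lazily filled caches for the four most frequently requested status
    // strings; null means "not looked up yet".
    // NOTE(review): these are plain static fields written without
    // synchronization - confirm a duplicated lookup under concurrency is
    // acceptable for StringManager.
    static String st_200 = null;
    static String st_302 = null;
    static String st_400 = null;
    static String st_404 = null;

    /**
     * Get the status string associated with a status code.
     * No I18N - return the messages defined in the HTTP spec.
     * (The user isn't supposed to see them, this is the last
     * thing to translate.)
     *
     * <p>Common messages (200, 302, 400, 404) are cached after the first
     * lookup; every other code is looked up on each call.
     *
     * <p>The returned text is not HTML-escaped. Pass it through
     * {@link #filter(String)} before writing it into an HTML page.
     *
     * @param status the HTTP status code
     * @return whatever {@code sm.getString("sc." + status)} yields for the code
     */
    public static String getMessage(int status) {
        // method from Response.

        // Does HTTP requires/allow international messages or
        // are pre-defined? The user doesn't see them most of the time
        switch (status) {
            case 200:
                if (st_200 == null) {
                    st_200 = sm.getString("sc.200");
                }
                return st_200;
            case 302:
                if (st_302 == null) {
                    st_302 = sm.getString("sc.302");
                }
                return st_302;
            case 400:
                if (st_400 == null) {
                    st_400 = sm.getString("sc.400");
                }
                return st_400;
            case 404:
                if (st_404 == null) {
                    st_404 = sm.getString("sc.404");
                }
                return st_404;
            default:
                // Uncached codes fall through to the generic lookup below.
                break;
        }
        return sm.getString("sc." + status);
    }

    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML. This avoids potential attacks caused by including JavaScript
     * code in the request URL, which is often echoed back in error messages.
     *
     * <p>Four characters are replaced by their entity references:
     * {@code <} by {@code &lt;}, {@code >} by {@code &gt;},
     * {@code &} by {@code &amp;} and {@code "} by {@code &quot;}.
     * Every other character is copied unchanged.
     *
     * <p>The single quote is <em>not</em> escaped, so the result is suitable
     * for HTML element content and double-quoted attribute values only. It
     * must not be placed in single-quoted or unquoted attributes, script
     * blocks, or URLs without escaping appropriate to that context.
     *
     * @param message The message string to be filtered
     * @return the escaped message, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {

        if (message == null) {
            return null;
        }

        int length = message.length();
        // Each escaped character grows the output, so reserve some headroom.
        StringBuffer result = new StringBuffer(length + 50);
        for (int i = 0; i < length; i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    // Escaping '&' itself keeps input such as "&lt;" from
                    // being read back as markup by the browser.
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }

}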