01: /*
02: * Copyright 2004 The Apache Software Foundation
03: *
04: * Licensed under the Apache License, Version 2.0 (the "License");
05: * you may not use this file except in compliance with the License.
06: * You may obtain a copy of the License at
07: *
08: * http://www.apache.org/licenses/LICENSE-2.0
09: *
10: * Unless required by applicable law or agreed to in writing, software
11: * distributed under the License is distributed on an "AS IS" BASIS,
12: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13: * See the License for the specific language governing permissions and
14: * limitations under the License.
15: */
16: package util;
17:
18: /**
19: * HTML filter utility.
20: *
21: * @author Craig R. McClanahan
22: * @author Tim Tye
23: * @version $Revision: 1.2 $ $Date: 2004/03/18 16:40:34 $
24: */
25:
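public final class HTMLFilter {

    /**
     * Escape the characters in a message that are significant in HTML markup,
     * so the message can be written into a page as text instead of being
     * parsed as markup. This is what stops script carried in a request URL
     * from executing when that URL is echoed back in an error message.
     *
     * <p>Replacements performed: {@code <} becomes {@code &lt;}, {@code >}
     * becomes {@code &gt;}, {@code &} becomes {@code &amp;} and {@code "}
     * becomes {@code &quot;}. Every other character is copied unchanged.
     *
     * <p>Scope of the protection: the result is suitable for HTML element
     * content and for attribute values delimited by double quotes. The single
     * quote is not escaped, so the result must not be placed in single-quoted
     * or unquoted attribute values, and it is not an encoder for script,
     * style or URL contexts. Input that is already escaped is escaped again,
     * because every {@code &} is rewritten.
     *
     * @param message The message string to be filtered
     * @return the escaped message, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {

        if (message == null) {
            return null;
        }

        final int length = message.length();
        // Escaped output is longer than the input; reserve some slack up front.
        StringBuilder result = new StringBuilder(length + 50);
        for (int i = 0; i < length; i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    // Must be the entity reference, never the literal character:
                    // appending '<' itself would leave the markup live.
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();

    }

}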