/*
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* contributor license agreements. See the NOTICE file distributed with
|
* this work for additional information regarding copyright ownership.
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
* (the "License"); you may not use this file except in compliance with
|
* the License. You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* See the License for the specific language governing permissions and
|
* limitations under the License.
|
*/
|
package util;
|
|
/**
|
* HTML filter utility.
|
*
|
* @author Craig R. McClanahan
|
* @author Tim Tye
|
*/
|
public final class HTMLFilter {
|
|
|
/**
|
* Filter the specified message string for characters that are sensitive
|
* in HTML. This avoids potential attacks caused by including JavaScript
|
* codes in the request URL that is often reported in error messages.
|
*
|
* @param message The message string to be filtered
|
*
|
* @return the filtered version of the message
|
*/
|
public static String filter(String message) {
|
|
if (message == null) {
|
return null;
|
}
|
|
char content[] = new char[message.length()];
|
message.getChars(0, message.length(), content, 0);
|
StringBuilder result = new StringBuilder(content.length + 50);
|
for (char c : content) {
|
switch (c) {
|
case '<':
|
result.append("<");
|
break;
|
case '>':
|
result.append(">");
|
break;
|
case '&':
|
result.append("&");
|
break;
|
case '"':
|
result.append(""");
|
break;
|
default:
|
result.append(c);
|
}
|
}
|
return result.toString();
|
}
|
|
|
}
|
