| /* |
| * Copyright 2004 The Apache Software Foundation |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package util; |
| |
| /** |
| * HTML filter utility. |
| * |
| * @author Craig R. McClanahan |
| * @author Tim Tye |
| * @version $Revision$ $Date$ |
| */ |
| |
| public final class HTMLFilter { |
| |
| |
| /** |
| * Filter the specified message string for characters that are sensitive |
| * in HTML. This avoids potential attacks caused by including JavaScript |
| * codes in the request URL that is often reported in error messages. |
| * |
| * @param message The message string to be filtered |
| */ |
| public static String filter(String message) { |
| |
| if (message == null) |
| return (null); |
| |
| char content[] = new char[message.length()]; |
| message.getChars(0, message.length(), content, 0); |
| StringBuffer result = new StringBuffer(content.length + 50); |
| for (int i = 0; i < content.length; i++) { |
| switch (content[i]) { |
| case '<': |
| result.append("<"); |
| break; |
| case '>': |
| result.append(">"); |
| break; |
| case '&': |
| result.append("&"); |
| break; |
| case '"': |
| result.append("""); |
| break; |
| default: |
| result.append(content[i]); |
| } |
| } |
| return (result.toString()); |
| |
| } |
| |
| |
| } |
| |