%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.turbine.util.InputFilterUtils |
|
|
1 | package org.apache.turbine.util; |
|
2 | ||
3 | /* |
|
4 | * Copyright 2001-2005 The Apache Software Foundation. |
|
5 | * |
|
6 | * Licensed under the Apache License, Version 2.0 (the "License") |
|
7 | * you may not use this file except in compliance with the License. |
|
8 | * You may obtain a copy of the License at |
|
9 | * |
|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
11 | * |
|
12 | * Unless required by applicable law or agreed to in writing, software |
|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15 | * See the License for the specific language governing permissions and |
|
16 | * limitations under the License. |
|
17 | */ |
|
18 | ||
19 | import org.apache.ecs.Entities; |
|
20 | ||
21 | import org.apache.ecs.filter.CharacterFilter; |
|
22 | ||
23 | /** |
|
24 | * Some filter methods that have been orphaned in the Screen class. |
|
25 | * |
|
26 | * |
|
27 | * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a> |
|
28 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> |
|
29 | * @version $Id: InputFilterUtils.java 264148 2005-08-29 14:21:04Z henning $ |
|
30 | */ |
|
31 | ||
public abstract class InputFilterUtils
{
    // NOTE(review): the coverage report this listing was taken from records
    // zero hits on every executable line of this class, so none of the
    // escaping behaviour below is exercised by the test suite.

    /** Filter behind {@link #prepareText(String)}; built once at class load. */
    private static final CharacterFilter FULL_FILTER = htmlFilter();

    /** Filter behind {@link #prepareTextMinimum(String)}; built once at class load. */
    private static final CharacterFilter MIN_FILTER = htmlMinFilter();

    /**
     * Escapes user-entered text before a screen writes it into HTML, so
     * that markup such as {@code <SCRIPT>} is shown as text instead of
     * being interpreted by the browser.
     *
     * <p>The text is passed through the filter built by
     * {@link #htmlFilter()}, which has replacements registered for
     * {@code "}, {@code '}, {@code &}, {@code <} and {@code >}.
     *
     * <p>NOTE(review): how a {@code null} argument is treated is decided
     * by {@code CharacterFilter.process}, which is not visible here.
     *
     * @param s The string to prepare.
     * @return The string after the full filter has processed it.
     */
    public static String prepareText(String s)
    {
        String prepared = FULL_FILTER.process(s);
        return prepared;
    }

    /**
     * Applies the minimal filter to user-entered text. Only {@code <} has
     * a replacement registered; {@code >}, {@code "}, {@code '} and
     * {@code &} are explicitly left without one (see
     * {@link #htmlMinFilter()}).
     *
     * <p>Because quotes and ampersands are left without a replacement,
     * the result is not a safe substitute for
     * {@link #prepareText(String)} when the text ends up inside an HTML
     * attribute value or inside script code; in those contexts a quote
     * can still terminate the surrounding value.
     *
     * @param s The string to prepare.
     * @return The string after the minimal filter has processed it.
     */
    public static String prepareTextMinimum(String s)
    {
        String prepared = MIN_FILTER.process(s);
        return prepared;
    }

    /**
     * Builds the full HTML filter. The five attributes registered here
     * are supposed to be the ECS defaults, but they are not, at least in
     * ECS 1.2, so all of them are added explicitly.
     *
     * <p>NOTE(review): the apostrophe is registered with
     * {@code Entities.LSQUO}, not with an apostrophe entity - presumably
     * it is rendered as a typographic left single quote; confirm that
     * this is the intended output.
     *
     * @return A CharacterFilter to do HTML filtering.
     */
    private static CharacterFilter htmlFilter()
    {
        CharacterFilter full = new CharacterFilter();

        // Quote characters.
        full.addAttribute("\"", Entities.QUOT);
        full.addAttribute("'", Entities.LSQUO);

        // Entity and tag delimiters.
        full.addAttribute("&", Entities.AMP);
        full.addAttribute("<", Entities.LT);
        full.addAttribute(">", Entities.GT);

        return full;
    }

    /**
     * Builds the minimal HTML filter. It is meant for user-entered text
     * that might be added to the page dynamically, using javascript for
     * example, where filtering every character handled by
     * {@link #htmlFilter()} is not wanted, so only {@code <} is
     * disallowed.
     *
     * @return A CharacterFilter to do minimal HTML filtering.
     */
    private static CharacterFilter htmlMinFilter()
    {
        CharacterFilter minimal = new CharacterFilter();

        // Drop any replacement a fresh CharacterFilter may already carry
        // for these characters, so that they pass through untouched.
        minimal.removeAttribute("\"");
        minimal.removeAttribute("'");
        minimal.removeAttribute("&");
        minimal.removeAttribute(">");

        // The one character this filter still replaces.
        minimal.addAttribute("<", Entities.LT);

        return minimal;
    }
}
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |