1 package org.apache.turbine.util;
19 import org.apache.ecs.Entities;
20
21 import org.apache.ecs.filter.CharacterFilter;
22
23 /***
24 * Some filter methods that have been orphaned in the Screen class.
25 *
26 *
27 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
28 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
29 * @version $Id: InputFilterUtils.java 264148 2005-08-29 14:21:04Z henning $
30 */
31
public abstract class InputFilterUtils
{
    /**
     * Filter behind {@link #prepareText(String)}, built once by {@link #htmlFilter()}.
     * NOTE(review): this single instance is shared by every caller; confirm that
     * CharacterFilter.process is safe for concurrent use.
     */
    private static final CharacterFilter FULL_FILTER = htmlFilter();

    /**
     * Filter behind {@link #prepareTextMinimum(String)}, built once by
     * {@link #htmlMinFilter()}. The same sharing caveat applies.
     */
    private static final CharacterFilter MIN_FILTER = htmlMinFilter();

    /**
     * Encodes user-entered text before a screen writes it into an HTML page,
     * so that markup such as {@code <script>} is displayed rather than
     * interpreted by the browser.
     *
     * <p>The text is run through a filter that has replacements registered
     * for {@code "}, {@code '}, {@code &}, {@code <} and {@code >}. This is
     * output encoding for HTML markup only; it is not an encoder for script,
     * URL or style-sheet contexts, which need their own handling.
     *
     * @param s The string to prepare. It is handed to the filter unchecked,
     *          so null handling is whatever CharacterFilter.process does.
     * @return The string returned by the filter.
     */
    public static String prepareText(String s)
    {
        String encoded = FULL_FILTER.process(s);
        return encoded;
    }

    /**
     * Encodes user-entered text with the minimal filter, which only has a
     * replacement registered for {@code <}.
     *
     * <p>Quotes, {@code &} and {@code >} are explicitly unregistered in
     * {@link #htmlMinFilter()} and so are presumably returned unchanged. The
     * result is therefore weaker than {@link #prepareText(String)}: do not
     * place it inside an attribute value, and prefer
     * {@link #prepareText(String)} unless the caller needs those characters
     * left as they are.
     *
     * @param s The string to prepare. It is handed to the filter unchecked,
     *          so null handling is whatever CharacterFilter.process does.
     * @return The string returned by the filter.
     */
    public static String prepareTextMinimum(String s)
    {
        String encoded = MIN_FILTER.process(s);
        return encoded;
    }

    /**
     * Builds the full HTML filter. The five mappings are registered
     * explicitly because, although they are meant to be the CharacterFilter
     * defaults, they are not at least in ECS 1.2.
     *
     * @return A CharacterFilter to do HTML filtering.
     */
    private static CharacterFilter htmlFilter()
    {
        CharacterFilter full = new CharacterFilter();
        full.addAttribute("\"", Entities.QUOT);
        // NOTE(review): the apostrophe is mapped to the left-single-quote
        // entity, which would alter the character shown to the reader rather
        // than reproduce an apostrophe - confirm this is intended.
        full.addAttribute("'", Entities.LSQUO);
        full.addAttribute("&", Entities.AMP);
        full.addAttribute("<", Entities.LT);
        full.addAttribute(">", Entities.GT);
        return full;
    }

    /**
     * Builds the minimal HTML filter, which maps only {@code <}.
     *
     * <p>The mappings for {@code >}, {@code "}, {@code '} and {@code &} are
     * removed first, presumably so that the outcome does not depend on
     * whether this ECS version's CharacterFilter constructor registers them
     * by default.
     *
     * @return A CharacterFilter that only has a replacement for {@code <}.
     */
    private static CharacterFilter htmlMinFilter()
    {
        CharacterFilter minimal = new CharacterFilter();
        // Unregister anything the constructor may have set up by default.
        minimal.removeAttribute(">");
        minimal.removeAttribute("\"");
        minimal.removeAttribute("'");
        minimal.removeAttribute("&");
        minimal.addAttribute("<", Entities.LT);
        return minimal;
    }
}