

1 package org.apache.turbine.util;
2
3 /*
4  * Copyright 2001-2004 The Apache Software Foundation.
5  *
6  * Licensed under the Apache License, Version 2.0 (the "License")
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  */

18
19 import org.apache.ecs.Entities;
20
21 import org.apache.ecs.filter.CharacterFilter;
22
23 /**
24  * Some filter methods that have been orphaned in the Screen class.
25  *
26  *
27  * @author <a HREF="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
28  * @author <a HREF="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
29  * @version $Id: InputFilterUtils.java,v 1.2.2.2 2004/05/20 03:16:38 seade Exp $
30  */

31
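public abstract class InputFilterUtils
{
    /** Shared filter used by {@link #prepareText(String)}; built once by {@link #htmlFilter()}. */
    private static final CharacterFilter filter = htmlFilter();

    /** Shared filter used by {@link #prepareTextMinimum(String)}; built once by {@link #htmlMinFilter()}. */
    private static final CharacterFilter minFilter = htmlMinFilter();

    /**
     * Prepares user-entered text for output in a screen by running it
     * through the full HTML filter, which maps {@code "}, {@code '},
     * {@code &}, {@code <} and {@code >} to entities. This helps prevent
     * user-supplied markup such as {@code <SCRIPT>} tags from being
     * executed by the browser.
     *
     * <p>The mappings are HTML entities only. A value that is written into
     * a script block, a URL or a style needs the encoding for that context
     * instead; this method does not provide it.
     *
     * @param s The string to prepare.
     * @return The string after processing by the full HTML filter.
     */
    public static String prepareText(String s)
    {
        return filter.process(s);
    }

    /**
     * Prepares user-entered text with the minimal filter, which maps only
     * {@code <} to an entity. It is meant for text that may be added to a
     * page dynamically (for example from JavaScript), where escaping the
     * other characters is not wanted.
     *
     * <p>Because {@code "}, {@code '}, {@code &} and {@code >} pass through
     * unchanged, the result is not safe to place inside an HTML attribute
     * value or anywhere a quote can end the current context. Use
     * {@link #prepareText(String)} unless the caller has a specific reason
     * not to.
     *
     * @param s The string to prepare.
     * @return The string after processing by the minimal HTML filter.
     */
    public static String prepareTextMinimum(String s)
    {
        return minFilter.process(s);
    }

    /**
     * Builds the full HTML filter. These attributes are supposed to be the
     * default, but they are not, at least in ECS 1.2, so all of them are
     * registered explicitly just to be safe.
     *
     * @return A CharacterFilter to do HTML filtering.
     */
    private static CharacterFilter htmlFilter()
    {
        // Local name differs from the static field so the field is not shadowed.
        CharacterFilter htmlEscapes = new CharacterFilter();
        htmlEscapes.addAttribute("\"", Entities.QUOT);
        // NOTE(review): the apostrophe is mapped to LSQUO (a left single
        // quotation mark entity, going by the name), so the displayed
        // character presumably differs from the one typed - confirm this
        // is intended.
        htmlEscapes.addAttribute("'", Entities.LSQUO);
        htmlEscapes.addAttribute("&", Entities.AMP);
        htmlEscapes.addAttribute("<", Entities.LT);
        htmlEscapes.addAttribute(">", Entities.GT);
        return htmlEscapes;
    }

    /**
     * Builds the minimal HTML filter. We would like to filter user entered
     * text that might be dynamically added, using javascript for example,
     * but we do not want to filter all the characters handled by
     * {@link #htmlFilter()}, so only {@code <} is disallowed.
     *
     * @return A CharacterFilter to do minimal HTML filtering.
     */
    private static CharacterFilter htmlMinFilter()
    {
        CharacterFilter ltOnly = new CharacterFilter();
        // Drop any mapping the constructor may have installed for these
        // characters, so that only "<" ends up being replaced.
        ltOnly.removeAttribute(">");
        ltOnly.removeAttribute("\"");
        ltOnly.removeAttribute("'");
        ltOnly.removeAttribute("&");
        ltOnly.addAttribute("<", Entities.LT);
        return ltOnly;
    }
}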
102