001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package util; 018 019 /** 020 * HTML filter utility. 021 * 022 * @author Craig R. McClanahan 023 * @author Tim Tye 024 * @version $Revision: 664175 $ $Date: 2008-06-06 18:43:44 -0400 (Fri, 06 Jun 2008) $ 025 */ 026 027 public final class HTMLFilter { 028 029 030 /** 031 * Filter the specified message string for characters that are sensitive 032 * in HTML. This avoids potential attacks caused by including JavaScript 033 * codes in the request URL that is often reported in error messages. 034 * 035 * @param message The message string to be filtered 036 */ 037 public static String filter(String message) { 038 039 if (message == null) 040 return (null); 041 042 char content[] = new char[message.length()]; 043 message.getChars(0, message.length(), content, 0); 044 StringBuffer result = new StringBuffer(content.length + 50); 045 for (int i = 0; i < content.length; i++) { 046 switch (content[i]) { 047 case '<': 048 result.append("<"); 049 break; 050 case '>': 051 result.append(">"); 052 break; 053 case '&': 054 result.append("&"); 055 break; 056 case '"': 057 result.append("""); 058 break; 059 default: 060 result.append(content[i]); 061 } 062 } 063 return (result.toString()); 064 065 } 066 067 068 } 069