001    /*
002    * Licensed to the Apache Software Foundation (ASF) under one or more
003    * contributor license agreements.  See the NOTICE file distributed with
004    * this work for additional information regarding copyright ownership.
005    * The ASF licenses this file to You under the Apache License, Version 2.0
006    * (the "License"); you may not use this file except in compliance with
007    * the License.  You may obtain a copy of the License at
008    *
009    *     http://www.apache.org/licenses/LICENSE-2.0
010    *
011    * Unless required by applicable law or agreed to in writing, software
012    * distributed under the License is distributed on an "AS IS" BASIS,
013    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014    * See the License for the specific language governing permissions and
015    * limitations under the License.
016    */
017    package util;
018    
019    /**
020     * HTML filter utility.
021     *
022     * @author Craig R. McClanahan
023     * @author Tim Tye
024     * @version $Revision: 664175 $ $Date: 2008-06-06 18:43:44 -0400 (Fri, 06 Jun 2008) $
025     */
026    
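public final class HTMLFilter {


    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML.  This avoids potential attacks caused by including JavaScript
     * codes in the request URL that is often reported in error messages.
     *
     * <p>The characters {@code <}, {@code >}, {@code &}, {@code "} and
     * {@code '} are replaced by their HTML entity forms, so the result can be
     * placed in element content or in a double- or single-quoted attribute
     * value.  The single quote is included because an unescaped {@code '}
     * would otherwise terminate a single-quoted attribute.  This escaping is
     * not sufficient for other output contexts (unquoted attribute values,
     * {@code <script>}/{@code <style>} content, URLs, event handlers), which
     * need context-specific encoding.
     *
     * @param message The message string to be filtered
     * @return the escaped message, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {

        if (message == null) {
            return null;
        }

        // Headroom for a handful of entity expansions; the builder grows
        // on its own if the message contains more sensitive characters.
        StringBuilder result = new StringBuilder(message.length() + 50);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                case '\'':
                    // Decimal reference rather than &apos;, which is not a
                    // defined entity in HTML 4 and is not universally parsed.
                    result.append("&#39;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();

    }


}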
069