/*
 * Copyright 2004 The Apache Software Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package util;

/**
 * HTML filter utility.
 *
 * @author Craig R. McClanahan
 * @author Tim Tye
 * @version $Revision: 267129 $ $Date: 2004-03-18 08:40:35 -0800 (Thu, 18 Mar 2004) $
 */

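public final class HTMLFilter {

    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML.  The characters {@code <}, {@code >}, {@code &}, {@code "}
     * and {@code '} are replaced by their HTML character entity references,
     * so that text that originated in a request (for example a URL echoed
     * back in an error message) is rendered literally rather than being
     * interpreted as markup or script.
     *
     * <p>Note that as printed on the page under review, the switch branches
     * appended the bare character again ({@code "<"}, {@code ">"}, ...), which
     * would make the method a no-op; the bodies below append the entity
     * references the method's contract requires.
     *
     * @param message The message string to be filtered; may be {@code null}
     * @return the filtered string, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {

        if (message == null) {
            return null;
        }

        int length = message.length();
        // Headroom for the growth caused by escaping (3-5 extra chars each).
        StringBuilder result = new StringBuilder(length + 50);
        for (int i = 0; i < length; i++) {
            char c = message.charAt(i);
            switch (c) {
            case '<':
                result.append("&lt;");
                break;
            case '>':
                result.append("&gt;");
                break;
            case '&':
                result.append("&amp;");
                break;
            case '"':
                result.append("&quot;");
                break;
            case '\'':
                // Use the numeric reference: &apos; is not defined in HTML 4.
                // Leaving the single quote unescaped would let the value end a
                // single-quoted attribute in which it is embedded.
                result.append("&#39;");
                break;
            default:
                result.append(c);
            }
        }
        return result.toString();

    }

}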
069