001    /*
002    * Copyright 2004 The Apache Software Foundation
003    *
004    * Licensed under the Apache License, Version 2.0 (the "License");
005    * you may not use this file except in compliance with the License.
006    * You may obtain a copy of the License at
007    *
008    *     http://www.apache.org/licenses/LICENSE-2.0
009    *
010    * Unless required by applicable law or agreed to in writing, software
011    * distributed under the License is distributed on an "AS IS" BASIS,
012    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013    * See the License for the specific language governing permissions and
014    * limitations under the License.
015    */
016    package util;
017    
018    /**
019     * HTML filter utility.
020     *
021     * @author Craig R. McClanahan
022     * @author Tim Tye
023     * @version $Revision: 267129 $ $Date: 2004-03-18 08:40:35 -0800 (Thu, 18 Mar 2004) $
024     */
025    
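public final class HTMLFilter {


    /**
     * Filter the specified message string for characters that are sensitive
     * in HTML.  This avoids potential attacks caused by including JavaScript
     * codes in the request URL that is often reported in error messages.
     * <p>
     * Only the characters {@code < > & " '} are replaced, by the entity
     * references {@code &lt; &gt; &amp; &quot; &#39;} respectively.  That is
     * sufficient for text placed in HTML element content or inside a quoted
     * attribute value; it is <em>not</em> sufficient for other output
     * contexts (unquoted attributes, JavaScript, CSS or URL components),
     * which need their own escaping rules.
     *
     * @param message The message string to be filtered; may be {@code null}
     * @return the filtered string, or {@code null} if {@code message} was
     *         {@code null}
     */
    public static String filter(String message) {

        if (message == null) {
            return null;
        }

        int length = message.length();
        // Most messages contain only a few sensitive characters; the extra
        // capacity keeps typical inputs from forcing the buffer to grow.
        StringBuffer result = new StringBuffer(length + 50);
        for (int i = 0; i < length; i++) {
            char c = message.charAt(i);
            switch (c) {
            case '<':
                result.append("&lt;");
                break;
            case '>':
                result.append("&gt;");
                break;
            case '&':
                result.append("&amp;");
                break;
            case '"':
                result.append("&quot;");
                break;
            case '\'':
                // Numeric reference rather than &apos;, which is not an
                // HTML 4 entity and is ignored by some older renderers.
                result.append("&#39;");
                break;
            default:
                result.append(c);
            }
        }
        return result.toString();

    }


}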
068