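package org.apache.turbine.util;


/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */


import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;

/**
 * Some filter methods that have been orphaned in the Screen class.
 *
 * Both helpers are output-encoding steps: they make user-supplied text safe
 * to place into HTML <em>element content</em>. Neither one is a general
 * purpose sanitizer, and neither is sufficient on its own for attribute
 * values, URLs, or script/style contexts.
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: InputFilterUtils.java 1854688 2019-03-03 10:36:42Z tv $
 */

public abstract class InputFilterUtils
{
    /** The HTML entity used in place of a literal less-than sign. */
    private static final String LT_ENTITY = "&lt;";

    /**
     * This function can/should be used in any screen that will output
     * User entered text. This will help prevent users from entering
     * html ({@code <SCRIPT>}) tags that will get executed by the browser.
     *
     * The text is HTML4-entity escaped. Note that HTML4 escaping does not
     * encode the single quote, so the result is only safe inside element
     * content or double-quoted attribute values; it is not safe inside
     * single-quoted attributes.
     *
     * @param s The string to prepare. May be {@code null}.
     * @return A string with the input already prepared, or {@code null}
     *         if the input was {@code null}.
     */
    public static String prepareText(String s)
    {
        return StringEscapeUtils.escapeHtml4(s);
    }

    /**
     * This function can/should be used in any screen that will output
     * User entered text. This will help prevent users from entering
     * html ({@code <SCRIPT>}) tags that will get executed by the browser.
     *
     * Only the less-than sign is escaped, which is enough to stop a new
     * tag from being opened inside element content. It does nothing for
     * {@code &}, {@code >}, quotes, or attribute/URL contexts; use
     * {@link #prepareText(String)} where full escaping is acceptable.
     *
     * @param s The string to prepare. May be {@code null}.
     * @return A string with the input already prepared, or {@code null}
     *         if the input was {@code null}.
     */
    public static String prepareTextMinimum(String s)
    {
        /*
         * We would like to filter user entered text that might be
         * dynamically added, using javascript for example. But we do not
         * want to filter all the above chars, so we will just disallow
         * <.
         *
         * The replacement must be the entity, not the literal character:
         * replacing "<" with "<" is a no-op and leaves tag injection open.
         * StringUtils.replace is null- and empty-safe, returning the input
         * unchanged in those cases.
         */
        return StringUtils.replace(s, "<", LT_ENTITY);
    }
}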