Coverage Report - org.apache.turbine.util.InputFilterUtils
 
Classes in this File Line Coverage Branch Coverage Complexity
InputFilterUtils
0%
0/3
N/A
1
 
 1  
 package org.apache.turbine.util;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.commons.lang3.StringUtils;
 25  
 import org.apache.commons.text.StringEscapeUtils;
 26  
 
 27  
 /**
 28  
  * Some filter methods that have been orphaned in the Screen class.
 29  
  *
 30  
  * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 31  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 32  
  * @version $Id: InputFilterUtils.java 1854688 2019-03-03 10:36:42Z tv $
 33  
  */
 34  
 
 35  0
 public abstract class InputFilterUtils
 36  
 {
 37  
     /**
 38  
      * This function can/should be used in any screen that will output
 39  
      * User entered text.  This will help prevent users from entering
 40  
      * html (&lt;SCRIPT&gt;) tags that will get executed by the browser.
 41  
      *
 42  
      * @param s The string to prepare.
 43  
      * @return A string with the input already prepared.
 44  
      */
 45  
     public static String prepareText(String s)
 46  
     {
 47  0
         return StringEscapeUtils.escapeHtml4(s);
 48  
     }
 49  
 
 50  
     /**
 51  
      * This function can/should be used in any screen that will output
 52  
      * User entered text.  This will help prevent users from entering
 53  
      * html (&lt;SCRIPT&gt;) tags that will get executed by the browser.
 54  
      *
 55  
      * @param s The string to prepare.
 56  
      * @return A string with the input already prepared.
 57  
      */
 58  
     public static String prepareTextMinimum(String s)
 59  
     {
 60  
         /*
 61  
          * We would like to filter user entered text that might be
 62  
          * dynamically added, using javascript for example.  But we do not
 63  
          * want to filter all the above chars, so we will just disallow
 64  
          * <.
 65  
          */
 66  0
         return StringUtils.replace(s, "<", "&lt;");
 67  
     }
 68  
 }