Coverage Report

Coverage Report - org.apache.turbine.util.InputFilterUtils

Classes in this File

0/3

 package org.apache.turbine.util;
 
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.StringEscapeUtils;
 
 /**
  * Some filter methods that have been orphaned in the Screen class.
  *
  * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
  * @version $Id: InputFilterUtils.java 1854688 2019-03-03 10:36:42Z tv $
  */
 
 public abstract class InputFilterUtils
 {
     /**
      * This function can/should be used in any screen that will output
      * User entered text.  This will help prevent users from entering
      * html (&lt;SCRIPT&gt;) tags that will get executed by the browser.
      *
      * @param s The string to prepare.
      * @return A string with the input already prepared.
      */
     public static String prepareText(String s)
     {
         return StringEscapeUtils.escapeHtml4(s);
     }
 
     /**
      * This function can/should be used in any screen that will output
      * User entered text.  This will help prevent users from entering
      * html (&lt;SCRIPT&gt;) tags that will get executed by the browser.
      *
      * @param s The string to prepare.
      * @return A string with the input already prepared.
      */
     public static String prepareTextMinimum(String s)
     {
         /*
          * We would like to filter user entered text that might be
          * dynamically added, using javascript for example.  But we do not
          * want to filter all the above chars, so we will just disallow
          * <.
          */
         return StringUtils.replace(s, "<", "&lt;");
     }
 }

1		package org.apache.turbine.util;
2
3
4		/*
5		* Licensed to the Apache Software Foundation (ASF) under one
6		* or more contributor license agreements. See the NOTICE file
7		* distributed with this work for additional information
8		* regarding copyright ownership. The ASF licenses this file
9		* to you under the Apache License, Version 2.0 (the
10		* "License"); you may not use this file except in compliance
11		* with the License. You may obtain a copy of the License at
12		*
13		* http://www.apache.org/licenses/LICENSE-2.0
14		*
15		* Unless required by applicable law or agreed to in writing,
16		* software distributed under the License is distributed on an
17		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18		* KIND, either express or implied. See the License for the
19		* specific language governing permissions and limitations
20		* under the License.
21		*/
22
23
24		import org.apache.commons.lang3.StringUtils;
25		import org.apache.commons.text.StringEscapeUtils;
26
27		/**
28		* Some filter methods that have been orphaned in the Screen class.
29		*
30		* @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
31		* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
32		* @version $Id: InputFilterUtils.java 1854688 2019-03-03 10:36:42Z tv $
33		*/
34
35	0	public abstract class InputFilterUtils
36		{
37		/**
38		* This function can/should be used in any screen that will output
39		* User entered text. This will help prevent users from entering
40		* html (<SCRIPT>) tags that will get executed by the browser.
41		*
42		* @param s The string to prepare.
43		* @return A string with the input already prepared.
44		*/
45		public static String prepareText(String s)
46		{
47	0	return StringEscapeUtils.escapeHtml4(s);
48		}
49
50		/**
51		* This function can/should be used in any screen that will output
52		* User entered text. This will help prevent users from entering
53		* html (<SCRIPT>) tags that will get executed by the browser.
54		*
55		* @param s The string to prepare.
56		* @return A string with the input already prepared.
57		*/
58		public static String prepareTextMinimum(String s)
59		{
60		/*
61		* We would like to filter user entered text that might be
62		* dynamically added, using javascript for example. But we do not
63		* want to filter all the above chars, so we will just disallow
64		* <.
65		*/
66	0	return StringUtils.replace(s, "<", "<");
67		}
68		}