package org.apache.turbine.util;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import org.apache.ecs.Entities;
import org.apache.ecs.filter.CharacterFilter;
/**
* Some filter methods that have been orphaned in the Screen class.
*
*
* @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: InputFilterUtils.java,v 1.2 2003/03/09 02:54:11 quintonm Exp $
*/
public abstract class InputFilterUtils
{
/** A HtmlFilter Object for the normal input filter */
private static final CharacterFilter filter = htmlFilter();
/** A HtmlFilter Object for the minimal input filter */
private static final CharacterFilter minFilter = htmlMinFilter();
/**
* This function can/should be used in any screen that will output
* User entered text. This will help prevent users from entering
* html (<SCRIPT>) tags that will get executed by the browser.
*
* @param s The string to prepare.
* @return A string with the input already prepared.
*/
public static String prepareText(String s)
{
return filter.process(s);
}
/**
* This function can/should be used in any screen that will output
* User entered text. This will help prevent users from entering
* html (<SCRIPT>) tags that will get executed by the browser.
*
* @param s The string to prepare.
* @return A string with the input already prepared.
*/
public static String prepareTextMinimum(String s)
{
return minFilter.process(s);
}
/**
* These attributes are supposed to be the default, but they are
* not, at least in ECS 1.2. Include them all just to be safe.
*
* @return A CharacterFilter to do HTML filtering.
*/
private static CharacterFilter htmlFilter()
{
CharacterFilter filter = new CharacterFilter();
filter.addAttribute("\"", Entities.QUOT);
filter.addAttribute("'", Entities.LSQUO);
filter.addAttribute("&", Entities.AMP);
filter.addAttribute("<", Entities.LT);
filter.addAttribute(">", Entities.GT);
return filter;
}
/*
* We would like to filter user entered text that might be
* dynamically added, using javascript for example. But we do not
* want to filter all the above chars, so we will just disallow
* <.
*
* @return A CharacterFilter to do minimal HTML filtering.
*/
private static CharacterFilter htmlMinFilter()
{
CharacterFilter filter = new CharacterFilter();
filter.removeAttribute(">");
filter.removeAttribute("\"");
filter.removeAttribute("'");
filter.removeAttribute("&");
filter.addAttribute("<", Entities.LT);
return filter;
}
}