1   package org.apache.turbine.util;
2   
3   
4   /*
5    * Licensed to the Apache Software Foundation (ASF) under one
6    * or more contributor license agreements.  See the NOTICE file
7    * distributed with this work for additional information
8    * regarding copyright ownership.  The ASF licenses this file
9    * to you under the Apache License, Version 2.0 (the
10   * "License"); you may not use this file except in compliance
11   * with the License.  You may obtain a copy of the License at
12   *
13   *   http://www.apache.org/licenses/LICENSE-2.0
14   *
15   * Unless required by applicable law or agreed to in writing,
16   * software distributed under the License is distributed on an
17   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18   * KIND, either express or implied.  See the License for the
19   * specific language governing permissions and limitations
20   * under the License.
21   */
22  
23  
24  import org.apache.commons.lang3.StringUtils;
25  import org.apache.commons.text.StringEscapeUtils;
26  
27  /**
28   * Some filter methods that have been orphaned in the Screen class.
29   *
30   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
31   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
32   * @version $Id$
33   */
34  
public abstract class InputFilterUtils
{
    /**
     * Escapes a string for safe inclusion in HTML text content.
     *
     * <p>Delegates to {@link StringEscapeUtils#escapeHtml4(String)}, which
     * rewrites the markup-significant characters ({@code <}, {@code >},
     * {@code &}, {@code "}) and the HTML 4 named entities. The single quote
     * ({@code '}) is <em>not</em> covered by HTML 4 escaping, so the result
     * belongs in element text or double-quoted attribute values only, never
     * inside single-quoted attributes, JavaScript or URLs.
     *
     * @param s The string to prepare; may be {@code null}.
     * @return The escaped string, or {@code null} when {@code s} is {@code null}.
     */
    public static String prepareText(String s)
    {
        return StringEscapeUtils.escapeHtml4(s);
    }

    /**
     * Escapes only the {@code <} character and leaves everything else as is.
     *
     * <p>This is a deliberately weaker filter than {@link #prepareText(String)}:
     * it stops the input from opening a tag such as {@code <script>}, but
     * {@code >}, {@code &}, {@code "} and {@code '} pass through untouched.
     * It is therefore not sufficient for text placed inside attribute values,
     * event handlers, JavaScript or URLs; use {@link #prepareText(String)} or a
     * context-specific encoder there.
     *
     * @param s The string to prepare; may be {@code null}.
     * @return {@code s} with every {@code <} replaced by {@code &lt;}, or
     *         {@code null} when {@code s} is {@code null}.
     */
    public static String prepareTextMinimum(String s)
    {
        // Only the tag-opening character is rewritten so that text which is
        // later inserted dynamically (for example via JavaScript) keeps its
        // other characters intact. A null input is passed through unchanged.
        if (s == null)
        {
            return null;
        }
        return s.replace("<", "&lt;");
    }
}