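package org.apache.turbine.util;


/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */


import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;

/**
 * Output-encoding helpers for user-entered text that were orphaned from the
 * Screen class.
 *
 * <p>Both methods are <em>output</em> encoders for the HTML text-node context
 * (text placed between tags). Neither one makes a string safe to embed in an
 * attribute value, a {@code <script>} block, a URL or CSS; those contexts need
 * their own encoders.</p>
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id$
 */

public abstract class InputFilterUtils
{
    /**
     * Escapes user-entered text for output as HTML text so that mark-up the
     * user typed (for example a {@code <script>} tag) is rendered literally
     * instead of being interpreted by the browser.
     *
     * <p>Delegates to {@link StringEscapeUtils#escapeHtml4(String)}.
     * NOTE(review): escapeHtml4 is documented not to escape the apostrophe
     * ({@code '}), so the result must not be placed inside a single-quoted
     * attribute value without further encoding; confirm against the
     * commons-text version in use.</p>
     *
     * @param s The string to prepare; {@code null} is passed through as
     *          {@code null} (commons contract).
     * @return A string with the input already prepared.
     */
    public static String prepareText(String s)
    {
        return StringEscapeUtils.escapeHtml4(s);
    }

    /**
     * Minimal variant of {@link #prepareText(String)} that only neutralises
     * the {@code <} character, so that no HTML element (and thus no
     * {@code <script>} tag) can be opened from user-entered text.
     *
     * <p>Because {@code >}, {@code &}, {@code "} and {@code '} are left
     * untouched, this is <em>only</em> adequate for the HTML text-node
     * context. It does not prevent attribute-context injection
     * (e.g. {@code " onmouseover="...}) or entity-based tricks; use
     * {@link #prepareText(String)} or a context-specific encoder for
     * anything other than plain body text.</p>
     *
     * @param s The string to prepare; {@code null} is passed through as
     *          {@code null} (commons contract).
     * @return A string with every {@code <} replaced by {@code &lt;}.
     */
    public static String prepareTextMinimum(String s)
    {
        /*
         * We would like to filter user entered text that might be
         * dynamically added, using javascript for example. But we do not
         * want to filter all the above chars, so we will just disallow
         * <.
         *
         * The replacement must be the entity "&lt;" - replacing "<" with
         * itself would be a no-op and leave the tag intact.
         */
        return StringUtils.replace(s, "<", "&lt;");
    }
}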