01 /**
02 *
03 * All content copyright (c) 2003-2008 Terracotta, Inc.,
04 * except as may otherwise be noted in a separate copyright notice.
05 * All rights reserved.
06 *
07 */
08 package demo.cart;
09
10 /**
11 * HTML filter utility.
12 *
13 *@author Craig R. McClanahan
14 *@author Tim Tye
15 *@version $Revision: 1 $ $Date: 2006-11-27 16:46:47 -0800 (Mon, 27 Nov
16 * 2006) $
17 */
18
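public final class HTMLFilter {

    /**
     * Escapes the characters in a message that are significant in HTML markup,
     * so the message can be echoed into a page as text rather than as markup.
     * This is the output-encoding step that keeps request-derived text (for
     * example a URL repeated in an error message) from being parsed as script
     * or tags by the browser.
     *
     * <p>Replacements performed: {@code <} becomes {@code &lt;}, {@code >}
     * becomes {@code &gt;}, {@code &} becomes {@code &amp;} and {@code "}
     * becomes {@code &quot;}. Every other character is copied unchanged.
     *
     * <p>Scope: the result is suitable for HTML element content and for
     * double-quoted attribute values. The apostrophe is not escaped, so the
     * result must not be placed in a single-quoted or unquoted attribute, and
     * it is not an encoder for JavaScript, CSS or URL contexts. Apply the
     * filter once, at the point of output; filtering an already filtered
     * string encodes the {@code &} of each entity a second time.
     *
     * @param message the message string to be filtered; may be {@code null}
     * @return the escaped message, or {@code null} if {@code message} is
     *         {@code null}
     */
    public static String filter(String message) {

        if (message == null) {
            return null;
        }

        // The extra capacity leaves room for a few entity expansions before
        // the builder has to grow.
        StringBuilder result = new StringBuilder(message.length() + 50);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    // Escaping '&' is what stops caller-supplied text from
                    // forming entity references of its own.
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }

}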