Coverage Report - org.apache.turbine.util.InputFilterUtils
 
Classes in this File Line Coverage Branch Coverage Complexity
InputFilterUtils
0%
0/19
N/A
1
 
 1  
 package org.apache.turbine.util;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.ecs.Entities;
 25  
 
 26  
 import org.apache.ecs.filter.CharacterFilter;
 27  
 
 28  
 /**
 29  
  * Some filter methods that have been orphaned in the Screen class.
 30  
  *
 31  
  *
 32  
  * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 33  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 34  
  * @version $Id: InputFilterUtils.java 615328 2008-01-25 20:25:05Z tv $
 35  
  */
 36  
 
 37  0
 public abstract class InputFilterUtils
 38  
 {
 39  
     /** A HtmlFilter Object for the normal input filter */
 40  0
     private static final CharacterFilter filter = htmlFilter();
 41  
 
 42  
     /** A HtmlFilter Object for the minimal input filter */
 43  0
     private static final CharacterFilter minFilter = htmlMinFilter();
 44  
 
 45  
     /**
 46  
      * This function can/should be used in any screen that will output
 47  
      * User entered text.  This will help prevent users from entering
 48  
      * html (<SCRIPT>) tags that will get executed by the browser.
 49  
      *
 50  
      * @param s The string to prepare.
 51  
      * @return A string with the input already prepared.
 52  
      */
 53  
     public static String prepareText(String s)
 54  
     {
 55  0
         return filter.process(s);
 56  
     }
 57  
 
 58  
     /**
 59  
      * This function can/should be used in any screen that will output
 60  
      * User entered text.  This will help prevent users from entering
 61  
      * html (<SCRIPT>) tags that will get executed by the browser.
 62  
      *
 63  
      * @param s The string to prepare.
 64  
      * @return A string with the input already prepared.
 65  
      */
 66  
     public static String prepareTextMinimum(String s)
 67  
     {
 68  0
         return minFilter.process(s);
 69  
     }
 70  
 
 71  
     /**
 72  
      * These attributes are supposed to be the default, but they are
 73  
      * not, at least in ECS 1.2.  Include them all just to be safe.
 74  
      *
 75  
      * @return A CharacterFilter to do HTML filtering.
 76  
      */
 77  
     private static CharacterFilter htmlFilter()
 78  
     {
 79  0
         CharacterFilter filter = new CharacterFilter();
 80  0
         filter.addAttribute("\"", Entities.QUOT);
 81  0
         filter.addAttribute("'", Entities.LSQUO);
 82  0
         filter.addAttribute("&", Entities.AMP);
 83  0
         filter.addAttribute("<", Entities.LT);
 84  0
         filter.addAttribute(">", Entities.GT);
 85  0
         return filter;
 86  
     }
 87  
 
 88  
     /*
 89  
      * We would like to filter user entered text that might be
 90  
      * dynamically added, using javascript for example.  But we do not
 91  
      * want to filter all the above chars, so we will just disallow
 92  
      * <.
 93  
      *
 94  
      * @return A CharacterFilter to do minimal HTML filtering.
 95  
      */
 96  
     private static CharacterFilter htmlMinFilter()
 97  
     {
 98  0
         CharacterFilter filter = new CharacterFilter();
 99  0
         filter.removeAttribute(">");
 100  0
         filter.removeAttribute("\"");
 101  0
         filter.removeAttribute("'");
 102  0
         filter.removeAttribute("&");
 103  0
         filter.addAttribute("<", Entities.LT);
 104  0
         return filter;
 105  
     }
 106  
 }