1 package org.apache.turbine.util;
2
3
4 /*
5 * Licensed to the Apache Software Foundation (ASF) under one
6 * or more contributor license agreements. See the NOTICE file
7 * distributed with this work for additional information
8 * regarding copyright ownership. The ASF licenses this file
9 * to you under the Apache License, Version 2.0 (the
10 * "License"); you may not use this file except in compliance
11 * with the License. You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing,
16 * software distributed under the License is distributed on an
17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 * KIND, either express or implied. See the License for the
19 * specific language governing permissions and limitations
20 * under the License.
21 */
22
23
24 import org.apache.commons.lang.StringEscapeUtils;
25 import org.apache.commons.lang.StringUtils;
26
27 /**
28 * Some filter methods that have been orphaned in the Screen class.
29 *
30 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
31 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
32 * @version $Id: InputFilterUtils.java 1773378 2016-12-09 13:19:59Z tv $
33 */
34
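public abstract class InputFilterUtils
{
    /**
     * Escapes user-entered text for safe inclusion in HTML output.
     * Delegates to commons-lang {@code escapeHtml}, so markup such as a
     * {@code <SCRIPT>} tag is rendered as literal text instead of being
     * interpreted by the browser.
     *
     * <p>The result is suitable for HTML element content and double-quoted
     * attribute values. commons-lang 2.x {@code escapeHtml} does not escape
     * the single quote, so do not rely on it inside single-quoted attributes,
     * nor in JavaScript or URL contexts, which need their own encoding.
     *
     * @param s The string to prepare; may be {@code null}.
     * @return The escaped string, or {@code null} if {@code s} is {@code null}.
     */
    public static String prepareText(String s)
    {
        return StringEscapeUtils.escapeHtml(s);
    }

    /**
     * Neutralises only the less-than sign in user-entered text so that no
     * HTML tag (for example {@code <SCRIPT>}) can be opened, while leaving
     * every other character untouched.
     *
     * <p>This is deliberately weaker than {@link #prepareText(String)}: it
     * is meant for text that is later inserted dynamically (e.g. by
     * JavaScript) where full entity encoding is unwanted. It is only
     * adequate for HTML element content; quotes and {@code &} are not
     * touched, so it must not be used for attribute values or script/URL
     * contexts.
     *
     * @param s The string to prepare; may be {@code null}.
     * @return {@code s} with every {@code <} replaced by {@code &lt;}, or
     *         {@code null} if {@code s} is {@code null}.
     */
    public static String prepareTextMinimum(String s)
    {
        // Without an opening "<" no tag can be formed; replacing it with the
        // entity keeps the visible text identical while making it inert.
        // Replacing "<" with itself (as the listing previously did) is a
        // no-op and offers no protection at all.
        return StringUtils.replace(s, "<", "&lt;");
    }
}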