/*
* Copyright 2010 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package com.google.gwt.safehtml.shared;
import com.google.gwt.regexp.shared.RegExp;
/**
* Utility class containing static methods for escaping and sanitizing strings.
*/
public final class SafeHtmlUtils {
/**
 * A {@link SafeHtml} wrapping the empty string.
 */
public static final SafeHtml EMPTY_SAFE_HTML = new SafeHtmlString("");

/*
 * Body of an HTML entity reference, i.e. the text between '&' and ';': a run
 * of lower-case letters, a decimal reference (#NNN) or a hexadecimal one
 * (#xHHH). The entity check further down in this class hands it to
 * matches() on a substring, which (assuming that substring is a
 * java.lang.String) succeeds only when the whole candidate matches. Anything
 * else, such as a name containing upper-case letters, falls through to the
 * branch that escapes the whole segment.
 */
private static final String HTML_ENTITY_REGEX = "[a-z]+|#[0-9]+|#x[0-9a-fA-F]+";

/*
 * One global-match ("g") pattern per HTML metacharacter: & < > " '.
 * NOTE(review): the code that applies these patterns is not visible in this
 * listing. Entity-escaping these five characters covers HTML text and quoted
 * attribute values only; confirm that no caller relies on it for script,
 * style or URL contexts.
 */
private static final RegExp AMP_RE = RegExp.compile("&", "g");
private static final RegExp LT_RE = RegExp.compile("<", "g");
private static final RegExp GT_RE = RegExp.compile(">", "g");
private static final RegExp QUOT_RE = RegExp.compile("\"", "g");
private static final RegExp SQUOT_RE = RegExp.compile("\'", "g");
/**
* Returns a SafeHtml constructed from a safe string, i.e., without escaping
* the string.
*
*
* Important: For this method to be able to honor the {@link SafeHtml}
* contract, all uses of this method must satisfy the following constraints:
*
*
*
* - The argument expression must be fully determined at compile time.
*
*
* - The value of the argument must end in "inner HTML" context and not
* contain incomplete HTML tags. I.e., the following is not a correct use of
* this method, because the {@code <a>} tag is incomplete:
*
*
* {@code shb.appendConstantHtml(" 0
&& segment.substring(0, entityEnd).matches(HTML_ENTITY_REGEX)) {
// Append the entity without escaping.
escaped.append("&").append(segment.substring(0, entityEnd + 1));
// Append the rest of the segment, escaped.
escaped.append(htmlEscape(segment.substring(entityEnd + 1)));
} else {
// The segment did not start with an entity reference, so escape the
// whole segment.
escaped.append("&").append(htmlEscape(segment));
}
}
return escaped.toString();
}
/** Not instantiable: this utility class only offers static members. */
private SafeHtmlUtils() {}
}