
com.google.gwt.safehtml.shared.SafeHtmlUtils Maven / Gradle / Ivy

There is a newer version: 2.10.0
/*
 * Copyright 2010 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package com.google.gwt.safehtml.shared;

import com.google.gwt.regexp.shared.RegExp;

/**
 * Utility class containing static methods for escaping and sanitizing strings.
 */
public final class SafeHtmlUtils {

  /**
   * Pattern for the body of an HTML entity reference, i.e. the text between
   * the leading {@code &} and the terminating {@code ;}: a lowercase-letter
   * name, a decimal numeric reference ({@code #123}) or a hexadecimal numeric
   * reference ({@code #x1F}).
   *
   * <p>The entity-preserving escape code in this class applies it with
   * {@link String#matches}, which tests the whole candidate string, and
   * appends a matching candidate without escaping it. The check is purely
   * syntactic: it does not verify that a name is a defined HTML entity,
   * numeric references are not range-checked, and names containing
   * upper-case letters or digits do not match and are therefore escaped.
   */
  private static final String HTML_ENTITY_REGEX =
      "[a-z]+|#[0-9]+|#x[0-9a-fA-F]+";

  /**
   * A {@link SafeHtml} wrapping the empty string.
   */
  public static final SafeHtml EMPTY_SAFE_HTML = new SafeHtmlString("");

  // Global ("g" flag) patterns, one per HTML-significant character:
  // ampersand, greater-than, less-than, single quote and double quote.
  // NOTE(review): the code that uses these is not visible in this listing;
  // presumably the htmlEscape methods replace each match with its entity
  // reference. Confirm against the full source.
  private static final RegExp AMP_RE = RegExp.compile("&", "g");
  private static final RegExp GT_RE = RegExp.compile(">", "g");
  private static final RegExp LT_RE = RegExp.compile("<", "g");
  private static final RegExp SQUOT_RE = RegExp.compile("\'", "g");
  private static final RegExp QUOT_RE = RegExp.compile("\"", "g");

  /**
   * Returns a SafeHtml constructed from a safe string, i.e., without escaping
   * the string.
   *
   * <p>
   * <b>Important</b>: For this method to be able to honor the {@link SafeHtml}
   * contract, all uses of this method must satisfy the following constraints:
   *
   * <ol>
   * <li>The argument expression must be fully determined at compile time.
   * <li>The value of the argument must end in "inner HTML" context and not
   * contain incomplete HTML tags. I.e., the following is not a correct use of
   * this method, because the {@code <a>} tag is incomplete:
   *
       * {@code shb.appendConstantHtml(" 0
              && segment.substring(0, entityEnd).matches(HTML_ENTITY_REGEX)) {
            // Append the entity without escaping.
            escaped.append("&").append(segment.substring(0, entityEnd + 1));
    
            // Append the rest of the segment, escaped.
            escaped.append(htmlEscape(segment.substring(entityEnd + 1)));
          } else {
            // The segment did not start with an entity reference, so escape the
            // whole segment.
            escaped.append("&").append(htmlEscape(segment));
          }
        }
    
        return escaped.toString();
      }
    
      /** Private so that this utility class of static methods cannot be instantiated. */
      private SafeHtmlUtils() {}
    }
    



