com.nesscomputing.syslog4j.impl.message.modifier.escape.HTMLEntityEscapeSyslogMessageModifier Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of ness-syslog4j Show documentation
Show all versions of ness-syslog4j Show documentation
Syslog4j provides client and server implementations of the BSD Syslog protocol (RFC 3164) and the structured syslog" protocol (RFC5424).
/**
*
* (C) Copyright 2008-2011 syslog4j.org
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Lesser General Public License
* (LGPL) version 2.1 which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/lgpl-2.1.html
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*/
package com.nesscomputing.syslog4j.impl.message.modifier.escape;
import org.apache.commons.lang3.StringUtils;
import com.nesscomputing.syslog4j.SyslogFacility;
import com.nesscomputing.syslog4j.SyslogIF;
import com.nesscomputing.syslog4j.SyslogLevel;
import com.nesscomputing.syslog4j.SyslogMessageModifierIF;
/**
* HTMLEntityEscapeSyslogMessageModifier is an implementation of SyslogMessageModifierIF
* that safely escapes HTML entity characters.
*
* This modifier is useful for applications that display log content in browsers without
* properly escaping HTML characters.
*
* Syslog4j is licensed under the Lesser GNU Public License v2.1. A copy
* of the LGPL license is available in the META-INF folder in all
* distributions of Syslog4j and in the base directory of the "doc" ZIP.
*
* @author <[email protected]>
* @version $Id: HTMLEntityEscapeSyslogMessageModifier.java,v 1.4 2010/10/28 05:10:57 cvs Exp $
*/
public class HTMLEntityEscapeSyslogMessageModifier implements SyslogMessageModifierIF {
public static final SyslogMessageModifierIF createDefault() {
return new HTMLEntityEscapeSyslogMessageModifier();
}
@Override
public String modify(SyslogIF syslog, SyslogFacility facility, SyslogLevel level, String message) {
if (StringUtils.isBlank(message)) {
return message;
}
else {
String escapedMessage = escapeHtml(message);
return escapedMessage;
}
}
public boolean verify(String message) {
// NO-OP
return true;
}
/**
* escapeHtml(String) is based partly on the article posted here: http://www.owasp.org/index.php/How_to_perform_HTML_entity_encoding_in_Java
* with the addition of common characters and modifications for Java 1.4 support.
*
* @param message
* @return Returns a message where any HTML entity characters are escaped.
*/
public static String escapeHtml(String message) {
StringBuffer b = new StringBuffer(message.length());
for (int i = 0; i < message.length(); i++) {
char ch = message.charAt(i);
if (ch == '<') {
b.append("<");
} else if (ch == '>') {
b.append(">");
} else if (ch == '"') {
b.append(""");
} else if (ch == '\'') {
b.append("'");
} else if (ch == '&') {
b.append("&");
} else if (ch >= ' ' && ch <= '~') {
b.append(ch);
} else if (Character.isWhitespace(ch)) {
b.append("&#").append((int) ch).append(";");
} else if (Character.isISOControl(ch)) {
continue; // Ignore character
} else if (Character.isDefined(ch)) {
b.append("&#").append((int) ch).append(";");
}
}
return b.toString();
}
}