All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.tomcat.util.security.Escape Maven / Gradle / Ivy

There is a newer version: 11.0.1
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.tomcat.util.security;

/**
 * Provides utility methods to escape content for different contexts. It is
 * critical that the escaping used is correct for the context in which the data
 * is to be used.
 */
public class Escape {

    private Escape() {
        // Hide default constructor for this utility class
    }


    /**
     * Escape content for use in HTML. This escaping is suitable for the
     * following uses:
     * 
    *
  • Element content when the escaped data will be placed directly inside * tags such as <p>, <td> etc.
  • *
  • Attribute values when the attribute value is quoted with " or * '.
  • *
* * @param content The content to escape * * @return The escaped content or {@code null} if the content was * {@code null} */ public static String htmlElementContent(String content) { if (content == null) { return null; } StringBuilder sb = new StringBuilder(); for (int i = 0; i < content.length(); i++) { char c = content.charAt(i); if (c == '<') { sb.append("<"); } else if (c == '>') { sb.append(">"); } else if (c == '\'') { sb.append("'"); } else if (c == '&') { sb.append("&"); } else if (c == '"') { sb.append("""); } else if (c == '/') { sb.append("/"); } else { sb.append(c); } } return (sb.length() > content.length()) ? sb.toString() : content; } /** * Convert the object to a string via {@link Object#toString()} and HTML * escape the resulting string for use in HTML content. * * @param obj The object to convert to String and then escape * * @return The escaped content or "?" if obj is * {@code null} */ public static String htmlElementContent(Object obj) { if (obj == null) { return "?"; } try { return htmlElementContent(obj.toString()); } catch (Exception e) { return null; } } /** * Escape content for use in XML. * * @param content The content to escape * * @return The escaped content or {@code null} if the content was * {@code null} */ public static String xml(String content) { return xml(null, content); } /** * Escape content for use in XML. * * @param ifNull The value to return if content is {@code null} * @param content The content to escape * * @return The escaped content or the value of {@code ifNull} if the * content was {@code null} */ public static String xml(String ifNull, String content) { return xml(ifNull, false, content); } /** * Escape content for use in XML. * * @param ifNull The value to return if content is {@code null} * @param escapeCRLF Should CR and LF also be escaped? * @param content The content to escape * * @return The escaped content or the value of ifNull if the content was * {@code null} */ public static String xml(String ifNull, boolean escapeCRLF, String content) { if (content == null) { return ifNull; } StringBuilder sb = new StringBuilder(); for (int i = 0; i < content.length(); i++) { char c = content.charAt(i); if (c == '<') { sb.append("<"); } else if (c == '>') { sb.append(">"); } else if (c == '\'') { sb.append("'"); } else if (c == '&') { sb.append("&"); } else if (c == '"') { sb.append("""); } else if (escapeCRLF && c == '\r') { sb.append(" "); } else if (escapeCRLF && c == '\n') { sb.append(" "); } else { sb.append(c); } } return (sb.length() > content.length()) ? sb.toString(): content; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy