Added methods for removing HTML from a String, including forms for

easily allowing the common entities and for allowing via a whitelist
of regular expressions.


git-svn-id: https://samskivert.googlecode.com/svn/trunk@1611 6335cc39-0255-0410-8fd6-9bcaacd3b74c
This commit is contained in:
ray
2005-03-10 22:23:08 +00:00
parent cd663da48c
commit 24ecdee051
@@ -38,6 +38,7 @@ import java.text.NumberFormat;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
@@ -138,6 +139,81 @@ public class StringUtil
});
}
/**
* Restrict all HTML from the specified String.
*/
public static String restrictHTML (String src)
{
return restrictHTML(src, new String[0]);
}
/**
* Restrict HTML except for the specified tags.
*
* @param allowFormatting enables <i>, <b>, <u>, and
* <font>.
* @param allowImages enabled <img ...>.
* @param allowLinks enabled <a href ...>.
*/
public static String restrictHTML (String src, boolean allowFormatting,
boolean allowImages, boolean allowLinks)
{
// TODO: these regexes should probably be checked to make
// sure that javascript can't live inside a link
ArrayList allow = new ArrayList();
if (allowFormatting) {
allow.add("<b>"); allow.add("</b>");
allow.add("<i>"); allow.add("</i>");
allow.add("<u>"); allow.add("</u>");
allow.add("<font [^>]+>"); allow.add("</font>");
}
if (allowImages) {
allow.add("<img [^>]+>"); allow.add("</img>");
}
if (allowLinks) {
allow.add("<a href=[^>]+>"); allow.add("</a>");
}
String[] regexes = new String[allow.size()];
allow.toArray(regexes);
return restrictHTML(src, regexes);
}
/**
* Restrict HTML from the specified string except for the specified
* regular expressions.
*/
public static String restrictHTML (String src, String[] regexes)
{
ArrayList list = new ArrayList();
list.add(src);
for (int ii=0, nn = regexes.length; ii < nn; ii++) {
Pattern p = Pattern.compile(regexes[ii], Pattern.CASE_INSENSITIVE);
for (int jj=0; jj < list.size(); jj += 2) {
String piece = (String) list.get(jj);
Matcher m = p.matcher(piece);
if (m.find()) {
list.set(jj, piece.substring(0, m.start()));
list.add(jj + 1, piece.substring(m.start(), m.end()));
list.add(jj + 2, piece.substring(m.end()));
}
}
}
// now, the even elements of list contain untrusted text, the
// odd elements contain stuff that matched a regex
StringBuffer buf = new StringBuffer();
for (int jj=0, nn = list.size(); jj < nn; jj++) {
String s = (String) list.get(jj);
if (jj % 2 == 0) {
s = replace(s, "<", "&lt;");
s = replace(s, ">", "&gt;");
}
buf.append(s);
}
return buf.toString();
}
/**
* Returns a new string based on <code>source</code> with all
* instances of <code>before</code> replaced with <code>after</code>.