From 24ecdee051caa6d60cd69ef3a12659e5d6796fcd Mon Sep 17 00:00:00 2001 From: ray Date: Thu, 10 Mar 2005 22:23:08 +0000 Subject: [PATCH] Added methods for removing HTML from a String, including forms for easily allowing the common entities and for allowing via a whitelist of regular expressions. git-svn-id: https://samskivert.googlecode.com/svn/trunk@1611 6335cc39-0255-0410-8fd6-9bcaacd3b74c --- .../java/com/samskivert/util/StringUtil.java | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/projects/samskivert/src/java/com/samskivert/util/StringUtil.java b/projects/samskivert/src/java/com/samskivert/util/StringUtil.java index 17f383b2..7c16be0d 100644 --- a/projects/samskivert/src/java/com/samskivert/util/StringUtil.java +++ b/projects/samskivert/src/java/com/samskivert/util/StringUtil.java @@ -38,6 +38,7 @@ import java.text.NumberFormat; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; import java.util.Iterator; @@ -138,6 +139,81 @@ public class StringUtil }); } + /** + * Restrict all HTML from the specified String. + */ + public static String restrictHTML (String src) + { + return restrictHTML(src, new String[0]); + } + + /** + * Restrict HTML except for the specified tags. + * + * @param allowFormatting enables <i>, <b>, <u>, and + * <font>. + * @param allowImages enabled <img ...>. + * @param allowLinks enabled <a href ...>. + */ + public static String restrictHTML (String src, boolean allowFormatting, + boolean allowImages, boolean allowLinks) + { + // TODO: these regexes should probably be checked to make + // sure that javascript can't live inside a link + ArrayList allow = new ArrayList(); + if (allowFormatting) { + allow.add(""); allow.add(""); + allow.add(""); allow.add(""); + allow.add(""); allow.add(""); + allow.add("]+>"); allow.add(""); + } + if (allowImages) { + allow.add("]+>"); allow.add(""); + } + if (allowLinks) { + allow.add("]+>"); allow.add(""); + } + + String[] regexes = new String[allow.size()]; + allow.toArray(regexes); + return restrictHTML(src, regexes); + } + + /** + * Restrict HTML from the specified string except for the specified + * regular expressions. + */ + public static String restrictHTML (String src, String[] regexes) + { + ArrayList list = new ArrayList(); + list.add(src); + for (int ii=0, nn = regexes.length; ii < nn; ii++) { + Pattern p = Pattern.compile(regexes[ii], Pattern.CASE_INSENSITIVE); + for (int jj=0; jj < list.size(); jj += 2) { + String piece = (String) list.get(jj); + Matcher m = p.matcher(piece); + if (m.find()) { + list.set(jj, piece.substring(0, m.start())); + list.add(jj + 1, piece.substring(m.start(), m.end())); + list.add(jj + 2, piece.substring(m.end())); + } + } + } + + // now, the even elements of list contain untrusted text, the + // odd elements contain stuff that matched a regex + StringBuffer buf = new StringBuffer(); + for (int jj=0, nn = list.size(); jj < nn; jj++) { + String s = (String) list.get(jj); + if (jj % 2 == 0) { + s = replace(s, "<", "<"); + s = replace(s, ">", ">"); + } + buf.append(s); + } + return buf.toString(); + } + /** * Returns a new string based on source with all * instances of before replaced with after.