goldcollection
/
muwire
mirror of https://github.com/zlatinb/muwire
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

more efficient html sanitization

auto-update
Zlatin Balevsky 2021-09-29 16:06:35 +01:00
parent 3e268498cd
commit cb7f251a84
No known key found for this signature in database
GPG Key ID: A72832072D525E41
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
gui/src/main/java/com/muwire/gui/HTMLSanitizer.java
View File

@ -1,17 +1,24 @@
package com.muwire.gui; package com.muwire.gui;
public class HTMLSanitizer { public class HTMLSanitizer {
private static final String escapeChars[] = {"&", "\"", "<", ">"}; //, "'"}; // apostrophe not supported
private static final String escapeCodes[] = {"&amp;amp;", "&amp;quot;", "&amp;lt;", "&amp;gt;", "&amp;apos;"};
private static final String escapedCodes[] = {"&amp;", "&quot;", "&lt;", "&gt;"}; //, "&apos;"}; apostrophe not supported
public static String sanitize(String s) { public static String sanitize(String s) {
if (s == null) if (s == null)
return null; return null;
String escaped = s; StringBuilder sb = new StringBuilder(s.length() * 2 + 26);
for (int i = 0; i < escapeChars.length; i++) { sb.append("<html><body>");
escaped = escaped.replace(escapeChars[i], escapedCodes[i]); for (int i = 0; i < s.length(); i++) {
char c = s.charAt(i);
switch(c) {
case '&': sb.append("&amp;"); break;
case '\"': sb.append("&quot;"); break;
case '<' : sb.append("&lt;"); break;
case '>' : sb.append("&gt;"); break;
default :
sb.append(c);
}
} }
return "<html><body>" + escaped + "</body></html>"; sb.append("</body></html>");
return sb.toString();
} }
} }