mirror of https://github.com/zlatinb/muwire
more efficient html sanitization
parent
3e268498cd
commit
cb7f251a84
|
@ -1,17 +1,24 @@
|
|||
package com.muwire.gui;
|
||||
|
||||
public class HTMLSanitizer {
|
||||
private static final String escapeChars[] = {"&", "\"", "<", ">"}; //, "'"}; // apostrophe not supported
|
||||
private static final String escapeCodes[] = {"&amp;", "&quot;", "&lt;", "&gt;", "&apos;"};
|
||||
private static final String escapedCodes[] = {"&", """, "<", ">"}; //, "'"}; apostrophe not supported
|
||||
|
||||
public static String sanitize(String s) {
|
||||
if (s == null)
|
||||
return null;
|
||||
String escaped = s;
|
||||
for (int i = 0; i < escapeChars.length; i++) {
|
||||
escaped = escaped.replace(escapeChars[i], escapedCodes[i]);
|
||||
StringBuilder sb = new StringBuilder(s.length() * 2 + 26);
|
||||
sb.append("<html><body>");
|
||||
for (int i = 0; i < s.length(); i++) {
|
||||
char c = s.charAt(i);
|
||||
switch(c) {
|
||||
case '&': sb.append("&"); break;
|
||||
case '\"': sb.append("""); break;
|
||||
case '<' : sb.append("<"); break;
|
||||
case '>' : sb.append(">"); break;
|
||||
default :
|
||||
sb.append(c);
|
||||
}
|
||||
return "<html><body>" + escaped + "</body></html>";
|
||||
}
|
||||
sb.append("</body></html>");
|
||||
return sb.toString();
|
||||
}
|
||||
}
|
||||
|
|
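Review bot: The new `switch` in `sanitize` escapes `&`, `"`, `<` and `>` but still passes `'` through unchanged, and the commit appears to remove the array declarations that carried the only "apostrophe not supported" remark, so that limit is no longer documented anywhere in the class. I would keep it visible with a comment above the switch such as `// apostrophe not supported: ' is passed through unescaped, so never place this output inside a single-quoted attribute value`, or, if the component that renders this HTML accepts numeric character references, add `case '\'': sb.append("&#39;"); break;`. As rendered on this page the case bodies append the raw characters (for example `sb.append("<")`), which is presumably the viewer decoding the entities. It is worth confirming in the file that each case appends the entity form, because otherwise the method escapes nothing.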