/** * Quote the given item to make it html-safe. * @param item the string to quote * @return the quoted string */ public static String quoteHtmlChars(String item) { if (item == null) { return null; } byte[] bytes = item.getBytes(); if (needsQuoting(bytes, 0, bytes.length)) { ByteArrayOutputStream buffer = new ByteArrayOutputStream(); try { quoteHtmlChars(buffer, bytes, 0, bytes.length); } catch (IOException ioe) { // Won't happen, since it is a bytearrayoutputstream } return buffer.toString(); } else { return item; } }
/** * Unquote the name and quote the value. */ @Override public String getParameter(String name) { return HtmlQuoting.quoteHtmlChars(rawRequest.getParameter (HtmlQuoting.unquoteHtmlChars(name))); }
@Override public void write(int b) throws IOException { data[0] = (byte) b; quoteHtmlChars(out, data, 0, 1); }
/** * Does the given string need to be quoted? * @param str the string to check * @return does the string contain any of the active html characters? */ public static boolean needsQuoting(String str) { if (str == null) { return false; } byte[] bytes = str.getBytes(); return needsQuoting(bytes, 0 , bytes.length); }
@Override public void write(byte[] data, int off, int len) throws IOException { quoteHtmlChars(out, data, off, len); }
@Test public void testNeedsQuoting() throws Exception { assertTrue(HtmlQuoting.needsQuoting("abcde>")); assertTrue(HtmlQuoting.needsQuoting("<abcde")); assertTrue(HtmlQuoting.needsQuoting("abc'de")); assertTrue(HtmlQuoting.needsQuoting("abcde\"")); assertTrue(HtmlQuoting.needsQuoting("&")); assertFalse(HtmlQuoting.needsQuoting("")); assertFalse(HtmlQuoting.needsQuoting("ab\ncdef")); assertFalse(HtmlQuoting.needsQuoting(null)); }
@Override public String[] getParameterValues(String name) { String unquoteName = HtmlQuoting.unquoteHtmlChars(name); String[] unquoteValue = rawRequest.getParameterValues(unquoteName); if (unquoteValue == null) { return null; } String[] result = new String[unquoteValue.length]; for(int i=0; i < result.length; ++i) { result[i] = HtmlQuoting.quoteHtmlChars(unquoteValue[i]); } return result; }
@Override public String nextElement() { return HtmlQuoting.quoteHtmlChars(rawIterator.nextElement()); } };
/** * Quote the given item to make it html-safe. * @param item the string to quote * @return the quoted string */ public static String quoteHtmlChars(String item) { if (item == null) { return null; } byte[] bytes = item.getBytes(); if (needsQuoting(bytes, 0, bytes.length)) { ByteArrayOutputStream buffer = new ByteArrayOutputStream(); try { quoteHtmlChars(buffer, bytes, 0, bytes.length); } catch (IOException ioe) { // Won't happen, since it is a bytearrayoutputstream } return buffer.toString(); } else { return item; } }
/** * Does the given string need to be quoted? * @param str the string to check * @return does the string contain any of the active html characters? */ public static boolean needsQuoting(String str) { if (str == null) { return false; } byte[] bytes = str.getBytes(); return needsQuoting(bytes, 0 , bytes.length); }
public static void main(String[] args) throws Exception { if (args.length == 0) { throw new IllegalArgumentException("Please provide some arguments"); } for(String arg:args) { System.out.println("Original: " + arg); String quoted = quoteHtmlChars(arg); System.out.println("Quoted: "+ quoted); String unquoted = unquoteHtmlChars(quoted); System.out.println("Unquoted: " + unquoted); System.out.println(); } }
/** * Quote the server name so that users specifying the HOST HTTP header * can't inject attacks. */ @Override public String getServerName() { return HtmlQuoting.quoteHtmlChars(rawRequest.getServerName()); } }
/** * Quote the given item to make it html-safe. * @param item the string to quote * @return the quoted string */ public static String quoteHtmlChars(String item) { if (item == null) { return null; } byte[] bytes = item.getBytes(); if (needsQuoting(bytes, 0, bytes.length)) { ByteArrayOutputStream buffer = new ByteArrayOutputStream(); try { quoteHtmlChars(buffer, bytes, 0, bytes.length); } catch (IOException ioe) { // Won't happen, since it is a bytearrayoutputstream } return buffer.toString(); } else { return item; } }
/** * Does the given string need to be quoted? * @param str the string to check * @return does the string contain any of the active html characters? */ public static boolean needsQuoting(String str) { if (str == null) { return false; } byte[] bytes = str.getBytes(); return needsQuoting(bytes, 0 , bytes.length); }
private void runRoundTrip(String str) throws Exception { assertEquals(str, HtmlQuoting.unquoteHtmlChars(HtmlQuoting.quoteHtmlChars(str))); }
/** * Quote the url so that users specifying the HOST HTTP header * can't inject attacks. */ @Override public StringBuffer getRequestURL(){ String url = rawRequest.getRequestURL().toString(); return new StringBuffer(HtmlQuoting.quoteHtmlChars(url)); }
/** * Quote the given item to make it html-safe. * @param item the string to quote * @return the quoted string */ public static String quoteHtmlChars(String item) { if (item == null) { return null; } byte[] bytes = item.getBytes(); if (needsQuoting(bytes, 0, bytes.length)) { ByteArrayOutputStream buffer = new ByteArrayOutputStream(); try { quoteHtmlChars(buffer, bytes, 0, bytes.length); } catch (IOException ioe) { // Won't happen, since it is a bytearrayoutputstream } return buffer.toString(); } else { return item; } }
/** * Does the given string need to be quoted? * @param str the string to check * @return does the string contain any of the active html characters? */ public static boolean needsQuoting(String str) { if (str == null) { return false; } byte[] bytes = str.getBytes(); return needsQuoting(bytes, 0 , bytes.length); }
@Override public String[] getParameterValues(String name) { String unquoteName = HtmlQuoting.unquoteHtmlChars(name); String[] unquoteValue = rawRequest.getParameterValues(unquoteName); if (unquoteValue == null) { return null; } String[] result = new String[unquoteValue.length]; for(int i=0; i < result.length; ++i) { result[i] = HtmlQuoting.quoteHtmlChars(unquoteValue[i]); } return result; }
@Override public Map<String, String[]> getParameterMap() { Map<String, String[]> result = new HashMap<>(); Map<String, String[]> raw = rawRequest.getParameterMap(); for (Map.Entry<String,String[]> item: raw.entrySet()) { String[] rawValue = item.getValue(); String[] cookedValue = new String[rawValue.length]; for(int i=0; i< rawValue.length; ++i) { cookedValue[i] = HtmlQuoting.quoteHtmlChars(rawValue[i]); } result.put(HtmlQuoting.quoteHtmlChars(item.getKey()), cookedValue); } return result; }