Author: gmazza
Date: Tue Apr  1 01:32:35 2014
New Revision: 1583506

URL: http://svn.apache.org/r1583506
Log:
Minor Sonar issues fixed and some code reformatting (switching from tabs to 4 
spaces.)

Modified:
    roller/trunk/app/src/main/java/org/apache/roller/util/RollerConstants.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogEntry.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogReferrer.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerUserDetailsService.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/pagers/MediaFilesPager.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/TrackbackServlet.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/cache/PlanetCache.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/velocity/RollerVelocity.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Entries.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Templates.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/WeblogExport.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/HTMLSanitizer.java
    
roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/Trackback.java

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/util/RollerConstants.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/util/RollerConstants.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/util/RollerConstants.java 
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/util/RollerConstants.java 
Tue Apr  1 01:32:35 2014
@@ -32,6 +32,8 @@ public final class RollerConstants {
     public static final int SEC_IN_MS = 1000;
     public static final int MIN_IN_MS = 60 * SEC_IN_MS;
 
+    public static final int TEXTWIDTH_255 = 255;
+
     private RollerConstants() {
         // never instantiable
         throw new AssertionError();
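Review bot: The new constant `TEXTWIDTH_255` has no comment saying what it bounds, and its name only repeats its value. In this commit it is used as a truncation or validation limit for bookmark fields, referrer URLs, trackback excerpts and template names, so a one-line Javadoc would help, e.g. `/** Maximum length, in characters, applied to short text fields before they are stored. */`. Whether it mirrors a 255-wide database column is not visible here and should be confirmed before the comment says so. The class body continues outside the hunk.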

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java
 Tue Apr  1 01:32:35 2014
@@ -25,6 +25,7 @@ import javax.persistence.Query;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.roller.util.RollerConstants;
 import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.weblogger.business.BookmarkManager;
 import org.apache.roller.weblogger.business.Weblogger;
@@ -172,17 +173,19 @@ public class JPABookmarkManagerImpl impl
         
         // better to truncate imported OPML fields than to fail import or drop 
whole bookmark
         // TODO: add way to notify user that fields were truncated
-        if (title != null && title.length() > 254) {
-            title = title.substring(0,  254);
+        int maxLength = RollerConstants.TEXTWIDTH_255;
+
+        if (title != null && title.length() > maxLength) {
+            title = title.substring(0,  maxLength);
         }
-        if (desc != null && desc.length() > 254) {
-            desc = desc.substring(0, 254);
+        if (desc != null && desc.length() > maxLength) {
+            desc = desc.substring(0, maxLength);
         }
-        if (url != null && url.length() > 254) {
-            url = url.substring(0, 254);
+        if (url != null && url.length() > maxLength) {
+            url = url.substring(0, maxLength);
         }
-        if (xmlUrl != null && xmlUrl.length() > 254) {
-            xmlUrl = xmlUrl.substring(0, 254);
+        if (xmlUrl != null && xmlUrl.length() > maxLength) {
+            xmlUrl = xmlUrl.substring(0, maxLength);
         }
 
         if (elem.getChildren().size()==0) {
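Review bot: The truncation limit changes from 254 to 255 characters in all four checks, a behaviour change the log message ("Minor Sonar issues") does not mention. Confirm that the bookmark fields really accept 255 characters, otherwise an OPML import that used to succeed could now fail when the bookmark is saved. Cutting `url` and `xmlUrl` at a fixed index also produces a different and possibly invalid address rather than a shorter one, so over-long URLs would be better rejected or flagged than truncated; the existing TODO covers only notification. The four identical blocks could call one private helper such as `private static String truncate(String s, int max)`. The enclosing method starts and ends outside the hunk.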

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogEntry.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogEntry.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogEntry.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogEntry.java
 Tue Apr  1 01:32:35 2014
@@ -43,6 +43,7 @@ import org.apache.commons.lang3.builder.
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.roller.util.DateUtil;
+import org.apache.roller.util.RollerConstants;
 import org.apache.roller.util.UUIDGenerator;
 import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.weblogger.business.UserManager;
@@ -804,7 +805,7 @@ public class WeblogEntry implements Seri
      */
     public String getDisplayTitle() {
         if ( getTitle()==null || getTitle().trim().equals("") ) {
-            return StringUtils.left(Utilities.removeHTML(getText()),255);
+            return StringUtils.left(Utilities.removeHTML(getText()), 
RollerConstants.TEXTWIDTH_255);
         }
         return Utilities.removeHTML(getTitle());
     }

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogReferrer.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogReferrer.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogReferrer.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogReferrer.java
 Tue Apr  1 01:32:35 2014
@@ -22,6 +22,7 @@ import java.io.Serializable;
 import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.roller.util.RollerConstants;
 import org.apache.roller.util.UUIDGenerator;
 
 
@@ -75,8 +76,8 @@ public class WeblogReferrer implements S
         this.dayHits = dayHits;
         this.totalHits = totalHits;
 
-        if (this.refererUrl != null && this.refererUrl.length() > 255) {
-            this.refererUrl = this.refererUrl.substring(0, 254);
+        if (this.refererUrl != null && this.refererUrl.length() > 
RollerConstants.TEXTWIDTH_255) {
+            this.refererUrl = this.refererUrl.substring(0, 
RollerConstants.TEXTWIDTH_255);
         }
     }
     
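Review bot: The constructor repeats the truncation that `setRefererUrl` performs (hunk -135,8), and the two copies had already drifted apart before this commit: `substring(0, 254)` here against `substring(0, 255)` in the setter. A shared private static helper, e.g. `this.refererUrl = truncate(refererUrl);`, would keep a single copy and avoid calling an overridable setter from the constructor. The value presumably originates from a request's Referer header, so this length cap is the only input handling visible in these hunks; a comment stating that escaping happens at output time would help the next reader. The constructor starts outside the hunk.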
@@ -135,8 +136,8 @@ public class WeblogReferrer implements S
     }
     
     public void setRefererUrl(String refererUrl) {
-        if (refererUrl != null && refererUrl.length() > 255) {
-            refererUrl = refererUrl.substring(0, 255);
+        if (refererUrl != null && refererUrl.length() > 
RollerConstants.TEXTWIDTH_255) {
+            refererUrl = refererUrl.substring(0, 
RollerConstants.TEXTWIDTH_255);
         }
         this.refererUrl = refererUrl;
     }

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
 Tue Apr  1 01:32:35 2014
@@ -24,7 +24,6 @@
 package org.apache.roller.weblogger.ui.core.filters;
 
 import java.io.IOException;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerUserDetailsService.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerUserDetailsService.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerUserDetailsService.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerUserDetailsService.java
 Tue Apr  1 01:32:35 2014
@@ -14,7 +14,6 @@ import org.apache.roller.weblogger.busin
 import org.apache.roller.weblogger.business.UserManager;
 import org.apache.roller.weblogger.pojos.User;
 import org.apache.roller.weblogger.pojos.UserAttribute;
-import org.springframework.dao.DataAccessException;
 import org.springframework.dao.DataAccessResourceFailureException;
 import org.springframework.dao.DataRetrievalFailureException;
 

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/pagers/MediaFilesPager.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/pagers/MediaFilesPager.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/pagers/MediaFilesPager.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/pagers/MediaFilesPager.java
 Tue Apr  1 01:32:35 2014
@@ -29,7 +29,6 @@ import org.apache.roller.weblogger.busin
 import org.apache.roller.weblogger.business.URLStrategy;
 import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.pojos.MediaFile;
-import org.apache.roller.weblogger.pojos.Weblog;
 
 
 /**

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/TrackbackServlet.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/TrackbackServlet.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/TrackbackServlet.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/TrackbackServlet.java
 Tue Apr  1 01:32:35 2014
@@ -110,8 +110,9 @@ public class TrackbackServlet extends Ht
                 
                 if (trackbackRequest.getExcerpt() == null) {
                     trackbackRequest.setExcerpt("");
-                } else if (trackbackRequest.getExcerpt().length() >= 255) {
-                    
trackbackRequest.setExcerpt(trackbackRequest.getExcerpt().substring(0, 
252)+"...");
+                } else if (trackbackRequest.getExcerpt().length() >= 
RollerConstants.TEXTWIDTH_255) {
+                    
trackbackRequest.setExcerpt(trackbackRequest.getExcerpt().substring(0,
+                            RollerConstants.TEXTWIDTH_255 - 3)+"...");
                 }
                 
                 // lookup weblog specified by comment request
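Review bot: The `>=` in the new length check shortens an excerpt of exactly 255 characters to 252 plus `...` even though it already fits, while every other call site in this commit compares with `>`; `} else if (trackbackRequest.getExcerpt().length() > RollerConstants.TEXTWIDTH_255) {` would be consistent. No import hunk for `org.apache.roller.util.RollerConstants` appears in this file's section, so confirm the file already imports it. The literal `3` is the length of the `"..."` suffix, and deriving it from a named `String ellipsis = "...";` would keep the two in step. The enclosing method starts and ends outside the hunk.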

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/cache/PlanetCache.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/cache/PlanetCache.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/cache/PlanetCache.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/cache/PlanetCache.java
 Tue Apr  1 01:32:35 2014
@@ -160,8 +160,8 @@ public final class PlanetCache {
         // still null, we need to get a fresh value
         if(lastModified == null) {
             
-            // TODO: get last updated for planet
-            lastModified = null; // 
WebloggerFactory.getWeblogger().getWeblogManager().getLastUpdated();
+            // TODO: create a WeblogManager.getLastUpdated() method to use 
below
+            lastModified = null;
             
             if (lastModified == null) {
                 lastModified = new Date();
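Review bot: `lastModified = null;` is a dead store, since it sits inside `if(lastModified == null)`, and it makes the following `if (lastModified == null)` always true, so Sonar is likely to flag these lines again. Until the method named in the TODO exists, the body can be reduced to the TODO comment followed by `lastModified = new Date();`. As written, every cache miss reports the current time as the last-modified value, which presumably weakens any conditional-GET handling that relies on it; that is worth stating in the TODO. The enclosing method starts and ends outside the hunk.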

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/velocity/RollerVelocity.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/velocity/RollerVelocity.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/velocity/RollerVelocity.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/velocity/RollerVelocity.java
 Tue Apr  1 01:32:35 2014
@@ -28,8 +28,6 @@ import org.apache.roller.weblogger.ui.co
 import org.apache.roller.weblogger.ui.rendering.mobile.MobileDeviceRepository;
 import org.apache.velocity.Template;
 import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.exception.ParseErrorException;
-import org.apache.velocity.exception.ResourceNotFoundException;
 
 
 /**
@@ -97,7 +95,8 @@ public class RollerVelocity {
     
     /**
      * Convenience static method for looking up a template.
-     * @throws ResourceNotFoundException, ParseErrorException
+     * @throws org.apache.velocity.exception.ResourceNotFoundException,
+     *       org.apache.velocity.exception.ParseErrorException
      */
     public static Template getTemplate(String name) {
         return velocityEngine.getTemplate(name + "|standard");
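Review bot: `@throws` takes one exception class per tag, so the comma-separated form documents only `ResourceNotFoundException` and leaves `ParseErrorException` as stray description text. Use two tags instead: `@throws org.apache.velocity.exception.ResourceNotFoundException if the template cannot be found` and `@throws org.apache.velocity.exception.ParseErrorException if the template cannot be parsed`. The same applies to the Javadoc in hunks -105,7, -114,7 and -122,7. The comments also lack `@param name` and `@return`, and could say that `"|standard"` or a device-type suffix is appended to the name before lookup.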
@@ -105,7 +104,8 @@ public class RollerVelocity {
 
     /**
      * Convenience static method for looking up a template.
-     * @throws ResourceNotFoundException, ParseErrorException
+     * @throws org.apache.velocity.exception.ResourceNotFoundException,
+     *       org.apache.velocity.exception.ParseErrorException
      */
     public static Template getTemplate(String name, 
                        MobileDeviceRepository.DeviceType deviceType) {
@@ -114,7 +114,8 @@ public class RollerVelocity {
     
     /**
      * Convenience static method for looking up a template.
-     * @throws ResourceNotFoundException, ParseErrorException
+     * @throws org.apache.velocity.exception.ResourceNotFoundException,
+     *       org.apache.velocity.exception.ParseErrorException
      */
     public static Template getTemplate(String name, String encoding) {
         return velocityEngine.getTemplate(name + "|standard", encoding);
@@ -122,7 +123,8 @@ public class RollerVelocity {
        
     /**
      * Convenience static method for looking up a template.
-     * @throws ResourceNotFoundException, ParseErrorException
+     * @throws org.apache.velocity.exception.ResourceNotFoundException,
+     *       org.apache.velocity.exception.ParseErrorException
      */
     public static Template getTemplate(String name, 
                        MobileDeviceRepository.DeviceType deviceType, String 
encoding) {

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Entries.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Entries.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Entries.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Entries.java
 Tue Apr  1 01:32:35 2014
@@ -20,7 +20,6 @@ package org.apache.roller.weblogger.ui.s
 
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Templates.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Templates.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Templates.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Templates.java
 Tue Apr  1 01:32:35 2014
@@ -21,6 +21,7 @@ package org.apache.roller.weblogger.ui.s
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.roller.util.RollerConstants;
 import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.pojos.WeblogPermission;
@@ -222,7 +223,7 @@ public class Templates extends UIAction 
                // make sure name is non-null and within proper size
                if (StringUtils.isEmpty(getNewTmplName())) {
                        addError("Template.error.nameNull");
-               } else if (getNewTmplName().length() > 255) {
+               } else if (getNewTmplName().length() > 
RollerConstants.TEXTWIDTH_255) {
                        addError("Template.error.nameSize");
                }
 

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/WeblogExport.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/WeblogExport.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/WeblogExport.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/WeblogExport.java
 Tue Apr  1 01:32:35 2014
@@ -22,7 +22,6 @@ import java.io.InputStream;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.LinkedHashMap;

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/HTMLSanitizer.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/HTMLSanitizer.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/HTMLSanitizer.java
 (original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/HTMLSanitizer.java
 Tue Apr  1 01:32:35 2014
@@ -1,6 +1,6 @@
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
- *  contributor license agreements.  The ASF licenses this file to You
+ * contributor license agreements.  The ASF licenses this file to You
  * under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -17,26 +17,26 @@
  */
 
 /**
-Copyright (c) 2009 Open Lab, http://www.open-lab.com/
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-*/
+ Copyright (c) 2009 Open Lab, http://www.open-lab.com/
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
 
 package org.apache.roller.weblogger.util;
 
@@ -45,23 +45,24 @@ import java.util.List;
 import java.util.Stack;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+
 import org.apache.commons.validator.UrlValidator;
 import org.apache.roller.weblogger.config.WebloggerConfig;
 
 public class HTMLSanitizer {
-       public static Boolean xssEnabled = 
WebloggerConfig.getBooleanProperty("weblogAdminsUntrusted", Boolean.FALSE);  
+    public static Boolean xssEnabled = 
WebloggerConfig.getBooleanProperty("weblogAdminsUntrusted", Boolean.FALSE);
 
-       public static Pattern forbiddenTags = 
Pattern.compile("^(script|object|embed|link|style|form|input)$");
-       public static Pattern allowedTags = 
Pattern.compile("^(b|p|i|s|a|img|table|thead|tbody|tfoot|tr|th|td|dd|dl|dt|em|h1|h2|h3|h4|h5|h6|li|ul|ol|span|div|strike|strong|"
-                       + 
"sub|sup|pre|del|code|blockquote|strike|kbd|br|hr|area|map|object|embed|param|link|form|small|big)$");
+    public static Pattern forbiddenTags = 
Pattern.compile("^(script|object|embed|link|style|form|input)$");
+    public static Pattern allowedTags = 
Pattern.compile("^(b|p|i|s|a|img|table|thead|tbody|tfoot|tr|th|td|dd|dl|dt|em|h1|h2|h3|h4|h5|h6|li|ul|ol|span|div|strike|strong|"
+            + 
"sub|sup|pre|del|code|blockquote|strike|kbd|br|hr|area|map|object|embed|param|link|form|small|big)$");
     // <!--.........>
     private static Pattern commentPattern = Pattern.compile("<!--.*");
     // <tag ....props.....>
     private static Pattern tagStartPattern = 
Pattern.compile("<(?i)(\\w+\\b)\\s*(.*)/?>$");
     // </tag .........>
     private static Pattern tagClosePattern = 
Pattern.compile("</(?i)(\\w+\\b)\\s*>$");
-       private static Pattern standAloneTags = 
Pattern.compile("^(img|br|hr)$");
-       private static Pattern selfClosed = Pattern.compile("<.+/>");
+    private static Pattern standAloneTags = Pattern.compile("^(img|br|hr)$");
+    private static Pattern selfClosed = Pattern.compile("<.+/>");
     // prop="...."
     private static Pattern attributesPattern = 
Pattern.compile("(\\w*)\\s*=\\s*\"([^\"]*)\"");
     // color:red;
@@ -71,453 +72,458 @@ public class HTMLSanitizer {
     // expression(....)"   thanks to Ben Summer
     private static Pattern forbiddenStylePattern = 
Pattern.compile("(?:(expression|eval|javascript))\\s*\\(");
 
-       /**
-        *  This method should be used to test input.
-        *
-        * @param html
-        * @return true if the input is "valid"
-        */
-       public static boolean isSanitized(String html) {
-               return sanitizer(html).isValid;
-       }
-
-       /**
-        * Used to clean every html before to output it in any html page
-        *
-        * @param html
-        * @return sanitized html
-        */
-       public static String sanitize(String html) {
-               return sanitizer(html).html;
-       }
-
-       public static String conditionallySanitize(String ret) {
-               // if XSS is enabled then sanitize HTML
-               if (xssEnabled && ret != null) {
-                       ret = HTMLSanitizer.sanitize(ret);
-               }
-               return ret;
-       }
-
-       /**
-        * Used to get the text,  tags removed or encoded
-        *
-        * @param html
-        * @return sanitized text
-        */
-       public static String getText(String html) {
-               return sanitizer(html).text;
-       }
-
-       /**
-        * This is the main method of sanitizing. It will be used both for 
validation and cleaning
-        *
-        * @param html
-        * @return a SanitizeResult object
-        */
-       public static SanitizeResult sanitizer(String html) {
-               return sanitizer(html, allowedTags, forbiddenTags);
-       }
-
-       public static SanitizeResult sanitizer(String html, Pattern 
allowedTags, Pattern forbiddenTags) {
-               SanitizeResult ret = new SanitizeResult();
-               Stack<String> openTags = new Stack<String>();
-
-
-               List<String> tokens = tokenize(html);
-
-               // -------------------   LOOP for every token 
--------------------------
-               for (String token : tokens) {
-                       boolean isAcceptedToken = false;
-
-                       Matcher startMatcher = tagStartPattern.matcher(token);
-                       Matcher endMatcher = tagClosePattern.matcher(token);
-
-
-                       
//--------------------------------------------------------------------------------
  COMMENT    <!-- ......... -->
-                       if (commentPattern.matcher(token).find()) {
-                               ret.val = ret.val + token + 
(token.endsWith("-->") ? "" : "-->");
-                               ret.invalidTags.add(token + 
(token.endsWith("-->") ? "" : "-->"));
-                               continue;
-
-
-                               
//--------------------------------------------------------------------------------
  OPEN TAG    <tag .........>
-                       } else if (startMatcher.find()) {
-
-                               //tag name extraction
-                               String tag = 
startMatcher.group(1).toLowerCase();
-
-
-                               
//-----------------------------------------------------  FORBIDDEN TAG   
<script .........>
-                               if (forbiddenTags.matcher(tag).find()) {
-                                       ret.invalidTags.add("<" + tag + ">");
-                                       continue;
-
-
-                                       // 
--------------------------------------------------  WELL KNOWN TAG
-                               } else if (allowedTags.matcher(tag).find()) {
-
-
-                                       String cleanToken = "<" + tag;
-                                       String tokenBody = 
startMatcher.group(2);
-
-
-                                       //first test table consistency
-                                       //table tbody tfoot thead th tr td
-                                       if ("thead".equals(tag) || 
"tbody".equals(tag) || "tfoot".equals(tag) || "tr".equals(tag)) {
-                                               if (openTags.search("table") < 
1) {
-                                                       ret.invalidTags.add("<" 
+ tag + ">");
-                                                       continue;
-                                               }
-                                       } else if (("td".equals(tag) || 
"th".equals(tag)) && openTags.search("tr") < 1) {
+    /**
+     * This method should be used to test input.
+     *
+     * @param html
+     * @return true if the input is "valid"
+     */
+    public static boolean isSanitized(String html) {
+        return sanitizer(html).isValid;
+    }
+
+    /**
+     * Used to clean every html before to output it in any html page
+     *
+     * @param html
+     * @return sanitized html
+     */
+    public static String sanitize(String html) {
+        return sanitizer(html).html;
+    }
+
+    public static String conditionallySanitize(String ret) {
+        // if XSS is enabled then sanitize HTML
+        if (xssEnabled && ret != null) {
+            ret = HTMLSanitizer.sanitize(ret);
+        }
+        return ret;
+    }
+
+    /**
+     * Used to get the text,  tags removed or encoded
+     *
+     * @param html
+     * @return sanitized text
+     */
+    public static String getText(String html) {
+        return sanitizer(html).text;
+    }
+
+    /**
+     * This is the main method of sanitizing. It will be used both for 
validation and cleaning
+     *
+     * @param html
+     * @return a SanitizeResult object
+     */
+    public static SanitizeResult sanitizer(String html) {
+        return sanitizer(html, allowedTags, forbiddenTags);
+    }
+
+    public static SanitizeResult sanitizer(String html, Pattern allowedTags, 
Pattern forbiddenTags) {
+        SanitizeResult ret = new SanitizeResult();
+        Stack<String> openTags = new Stack<String>();
+
+
+        List<String> tokens = tokenize(html);
+
+        // -------------------   LOOP for every token 
--------------------------
+        for (String token : tokens) {
+            boolean isAcceptedToken = false;
+
+            Matcher startMatcher = tagStartPattern.matcher(token);
+            Matcher endMatcher = tagClosePattern.matcher(token);
+
+
+            
//--------------------------------------------------------------------------------
  COMMENT    <!-- ......... -->
+            if (commentPattern.matcher(token).find()) {
+                ret.val = ret.val + token + (token.endsWith("-->") ? "" : 
"-->");
+                ret.invalidTags.add(token + (token.endsWith("-->") ? "" : 
"-->"));
+                continue;
+
+
+                
//--------------------------------------------------------------------------------
  OPEN TAG    <tag .........>
+            } else if (startMatcher.find()) {
+
+                //tag name extraction
+                String tag = startMatcher.group(1).toLowerCase();
+
+
+                //-----------------------------------------------------  
FORBIDDEN TAG   <script .........>
+                if (forbiddenTags.matcher(tag).find()) {
+                    ret.invalidTags.add("<" + tag + ">");
+                    continue;
+
+
+                    // --------------------------------------------------  
WELL KNOWN TAG
+                } else if (allowedTags.matcher(tag).find()) {
+
+
+                    String cleanToken = "<" + tag;
+                    String tokenBody = startMatcher.group(2);
+
+
+                    //first test table consistency
+                    //table tbody tfoot thead th tr td
+                    if ("thead".equals(tag) || "tbody".equals(tag) || 
"tfoot".equals(tag) || "tr".equals(tag)) {
+                        if (openTags.search("table") < 1) {
+                            ret.invalidTags.add("<" + tag + ">");
+                            continue;
+                        }
+                    } else if (("td".equals(tag) || "th".equals(tag)) && 
openTags.search("tr") < 1) {
                         ret.invalidTags.add("<" + tag + ">");
                         continue;
-                                       }
-
+                    }
 
-                                       // then test properties
-                                       Matcher attributes = 
attributesPattern.matcher(tokenBody);
 
-                                       boolean foundURL = false; // URL flag
-                                       while (attributes.find()) {
+                    // then test properties
+                    Matcher attributes = attributesPattern.matcher(tokenBody);
 
-                                               String attr = 
attributes.group(1).toLowerCase();
-                                               String val = 
attributes.group(2);
-
-                                               // we will accept href in case 
of <A>
-                                               if ("a".equals(tag) && 
"href".equals(attr)) {    // <a href="......">
-                                                       String[] customSchemes 
= {"http", "https"};
-                                                       if (new 
UrlValidator(customSchemes).isValid(val)) {
-                                                               foundURL = true;
-                                                       } else {
-                                                               // may be it is 
a mailto?
-                                                               //  case <a 
href="mailto:[email protected]?subject=....";
-                                                               if 
(val.toLowerCase().startsWith("mailto:";) && val.indexOf('@') >= 0) {
-                                                                       String 
val1 = "http://www."; + val.substring(val.indexOf('@') + 1);
-                                                                       if (new 
UrlValidator(customSchemes).isValid(val1)) {
-                                                                               
foundURL = true;
-                                                                       } else {
-                                                                               
ret.invalidTags.add(attr + " " + val);
-                                                                               
val = "";
-                                                                       }
-                                                               } else {
-                                                                       
ret.invalidTags.add(attr + " " + val);
-                                                                       val = 
"";
-                                                               }
-                                                       }
-
-                                               } else if 
(tag.matches("img|embed") && "src".equals(attr)) { // <img src="......">
-                                                       String[] customSchemes 
= {"http", "https"};
-                                                       if (new 
UrlValidator(customSchemes).isValid(val)) {
-                                                               foundURL = true;
-                                                       } else {
-                                                               
ret.invalidTags.add(attr + " " + val);
-                                                               val = "";
-                                                       }
-
-                                               } else if ("href".equals(attr) 
|| "src".equals(attr)) { // <tag src/href="......">   skipped
-                                                       ret.invalidTags.add(tag 
+ " " + attr + " " + val);
-                                                       continue;
-
-
-                                               } else if 
(attr.matches("width|height")) { // <tag width/height="......">
-                                                       if 
(!val.toLowerCase().matches("\\d+%|\\d+$")) { // test numeric values
-                                                               
ret.invalidTags.add(tag + " " + attr + " " + val);
-                                                               continue;
-                                                       }
-
-                                               } else if 
("style".equals(attr)) { // <tag style="......">
-
-
-                                                       // then test properties
-                                                       Matcher styles = 
stylePattern.matcher(val);
-                                                       String cleanStyle = "";
-
-                                                       while (styles.find()) {
-                                                               String 
styleName = styles.group(1).toLowerCase();
-                                                               String 
styleValue = styles.group(2);
-
-                                                               // suppress 
invalid styles values
-                                                               if 
(forbiddenStylePattern.matcher(styleValue).find()) {
-                                                                       
ret.invalidTags.add(tag + " " + attr + " " + styleValue);
-                                                                       
continue;
-                                                               }
-
-                                                               // check if 
valid url
-                                                               Matcher 
urlStyleMatcher = urlStylePattern.matcher(styleValue);
-                                                               if 
(urlStyleMatcher.find()) {
-                                                                       
String[] customSchemes = {"http", "https"};
-                                                                       String 
url = urlStyleMatcher.group(1);
-                                                                       if 
(!new UrlValidator(customSchemes).isValid(url)) {
-                                                                               
ret.invalidTags.add(tag + " " + attr + " " + styleValue);
-                                                                               
continue;
-                                                                       }
-                                                               }
-
-                                                               cleanStyle = 
cleanStyle + styleName + ":" + encode(styleValue) + ";";
-
-                                                       }
-                                                       val = cleanStyle;
-
-                                               } else if 
(attr.startsWith("on")) {  // skip all javascript events
-                                                       ret.invalidTags.add(tag 
+ " " + attr + " " + val);
-                                                       continue;
-
-                                               } else {  // by default encode 
all properies
-                                                       val = encode(val);
-                                               }
-
-                                               cleanToken = cleanToken + " " + 
attr + "=\"" + val + "\"";
-                                       }
-                                       cleanToken = cleanToken + ">";
-
-                                       isAcceptedToken = true;
-
-                                       // for <img> and <a>
-                                       if (tag.matches("a|img|embed") && 
!foundURL) {
-                                               isAcceptedToken = false;
-                                               cleanToken = "";
-                                       }
-
-                                       token = cleanToken;
-
-
-                                       // push the tag if require closure and 
it is accepted (otherwirse is encoded)
-                                       if (isAcceptedToken && 
!(standAloneTags.matcher(tag).find() || selfClosed.matcher(tag).find())) {
-                                               openTags.push(tag);
-                                       }
-
-                                       // 
--------------------------------------------------------------------------------
  UNKNOWN TAG
-                               } else {
-                                       ret.invalidTags.add(token);
-                                       ret.val = ret.val + token;
-                                       continue;
-
-
-                               }
-
-                               // 
--------------------------------------------------------------------------------
  CLOSE TAG </tag>
-                       } else if (endMatcher.find()) {
-                               String tag = endMatcher.group(1).toLowerCase();
-
-                               //is self closing
-                               if (selfClosed.matcher(tag).find()) {
-                                       ret.invalidTags.add(token);
-                                       continue;
-                               }
-                               if (forbiddenTags.matcher(tag).find()) {
-                                       ret.invalidTags.add("/" + tag);
-                                       continue;
-                               }
-                               if (!allowedTags.matcher(tag).find()) {
-                                       ret.invalidTags.add(token);
-                                       ret.val = ret.val + token;
-                                       continue;
-                               } else {
-
-
-                                       String cleanToken = "";
-
-                                       // check tag position in the stack
-                                       int pos = openTags.search(tag);
-                                       // if found on top ok
-                                       for (int i = 1; i <= pos; i++) {
-                                               //pop all elements before tag 
and close it
-                                               String poppedTag = 
openTags.pop();
-                                               cleanToken = cleanToken + "</" 
+ poppedTag + ">";
-                                               isAcceptedToken = true;
-                                       }
-
-                                       token = cleanToken;
-                               }
-
-                       }
-
-                       ret.val = ret.val + token;
-
-                       if (isAcceptedToken) {
-                               ret.html = ret.html + token;
-                               //ret.text = ret.text + " ";
-                       } else {
-                               String sanToken = 
htmlEncodeApexesAndTags(token);
-                               ret.html = ret.html + sanToken;
-                               ret.text = ret.text + 
htmlEncodeApexesAndTags(removeLineFeed(token));
-                       }
-
-
-               }
-
-               // must close remaining tags
-               while (openTags.size() > 0) {
-                       //pop all elements before tag and close it
-                       String poppedTag = openTags.pop();
-                       ret.html = ret.html + "</" + poppedTag + ">";
-                       ret.val = ret.val + "</" + poppedTag + ">";
-               }
-
-               //set boolean value
-               ret.isValid = ret.invalidTags.size() == 0;
-
-               return ret;
-       }
-
-       /**
-        * Splits html tag and tag content <......>.
-        *
-        * @param html
-        * @return a list of token
-        */
-       private static List<String> tokenize(String html) {
-               ArrayList tokens = new ArrayList();
-               int pos = 0;
-               String token = "";
-               int len = html.length();
-               while (pos < len) {
-                       char c = html.charAt(pos);
-
-                       String ahead = html.substring(pos, pos > len - 4 ? len 
: pos + 4);
-
-                       //a comment is starting
-                       if ("<!--".equals(ahead)) {
-                               //store the current token
-                               if (token.length() > 0) {
-                                       tokens.add(token);
-                               }
-
-                               //clear the token
-                               token = "";
-
-                               // serch the end of <......>
-                               int end = moveToMarkerEnd(pos, "-->", html);
-                               tokens.add(html.substring(pos, end));
-                               pos = end;
-
-
-                               // a new "<" token is starting
-                       } else if ('<' == c) {
-
-                               //store the current token
-                               if (token.length() > 0) {
-                                       tokens.add(token);
-                               }
-
-                               //clear the token
-                               token = "";
-
-                               // serch the end of <......>
-                               int end = moveToMarkerEnd(pos, ">", html);
-                               tokens.add(html.substring(pos, end));
-                               pos = end;
-
-                       } else {
-                               token = token + c;
-                               pos++;
-                       }
-
-               }
-
-               //store the last token
-               if (token.length() > 0) {
-                       tokens.add(token);
-               }
-
-               return tokens;
-       }
-
-       private static int moveToMarkerEnd(int pos, String marker, String s) {
-               int i = s.indexOf(marker, pos);
-               if (i > -1) {
-                       pos = i + marker.length();
-               } else {
-                       pos = s.length();
-               }
-               return pos;
-       }
-
-       /**
-        * Contains the sanitizing results.
-        * html is the sanitized html encoded  ready to be printed. Unaccepted 
tag are encode, text inside tag is always encoded    MUST BE USED WHEN PRINTING 
HTML
-        * text is the text inside valid tags. Contains invalid tags encoded    
                                                    SHOULD BE USED TO PRINT 
EXCERPTS
-        * val  is the html source cleaned from unaccepted tags. It is not 
encoded:                                                 SHOULD BE USED IN SAVE 
ACTIONS
-        * isValid is true when every tag is accepted without forcing encoding
-        * invalidTags is the list of encoded-killed tags
-        */
-       static class SanitizeResult {
-
-               public String html = "";
-               public String text = "";
-               public String val = "";
-               public boolean isValid = true;
-               public List<String> invalidTags = new ArrayList();
-       }
-
-       public static String encode(String s) {
-               return convertLineFeedToBR(htmlEncodeApexesAndTags(s == null ? 
"" : s));
-       }
-
-       public static final String htmlEncodeApexesAndTags(String source) {
-               return htmlEncodeTag(htmlEncodeApexes(source));
-       }
-
-       public static final String htmlEncodeApexes(String source) {
-               if (source != null) {
-                       String result = replaceAllNoRegex(source, new 
String[]{"\"", "'"}, new String[]{"&quot;", "&#39;"});
-                       return result;
-               } else {
-                       return null;
-               }
-       }
-
-       public static final String htmlEncodeTag(String source) {
-               if (source != null) {
-                       String result = replaceAllNoRegex(source, new 
String[]{"<", ">"}, new String[]{"&lt;", "&gt;"});
-                       return result;
-               } else {
-                       return null;
-               }
-       }
-
-       public static String convertLineFeedToBR(String text) {
-               if (text != null) {
-                       return replaceAllNoRegex(text, new String[]{"\n", "\f", 
"\r"}, new String[]{"<br>", "<br>", " "});
-               } else {
-                       return null;
-               }
-       }
-
-       public static String removeLineFeed(String text) {
-
-               if (text != null) {
-                       return replaceAllNoRegex(text, new String[]{"\n", "\f", 
"\r"}, new String[]{" ", " ", " "});
-               } else {
-                       return null;
-               }
-       }
-
-       public static final String replaceAllNoRegex(String source, String 
searches[], String replaces[]) {
-               int k;
-               String tmp = source;
-               for (k = 0; k < searches.length; k++) {
-                       tmp = replaceAllNoRegex(tmp, searches[k], replaces[k]);
-               }
-               return tmp;
-       }
-
-       public static final String replaceAllNoRegex(String source, String 
search, String replace) {
-               StringBuilder buffer = new StringBuilder();
-               if (source != null) {
-                       if (search.length() == 0) {
-                               return source;
-                       }
-                       int oldPos, pos;
-                       for (oldPos = 0, pos = source.indexOf(search, oldPos); 
pos != -1; oldPos = pos + search.length(), pos = source.indexOf(search, 
oldPos)) {
-                               buffer.append(source.substring(oldPos, pos));
-                               buffer.append(replace);
-                       }
-                       if (oldPos < source.length()) {
-                               buffer.append(source.substring(oldPos));
-                       }
-               }
-               return new String(buffer);
-       }
+                    // URL flag
+                    boolean foundURL = false;
+                    while (attributes.find()) {
+
+                        String attr = attributes.group(1).toLowerCase();
+                        String val = attributes.group(2);
+
+                        // we will accept href in case of <A>
+                        // <a href="......">
+                        if ("a".equals(tag) && "href".equals(attr)) {
+                            String[] customSchemes = {"http", "https"};
+                            if (new UrlValidator(customSchemes).isValid(val)) {
+                                foundURL = true;
+                            } else {
+                                // may be it is a mailto?
+                                // case <a 
href="mailto:[email protected]?subject=....";
+                                if (val.toLowerCase().startsWith("mailto:";) && 
val.indexOf('@') >= 0) {
+                                    String val1 = "http://www."; + 
val.substring(val.indexOf('@') + 1);
+                                    if (new 
UrlValidator(customSchemes).isValid(val1)) {
+                                        foundURL = true;
+                                    } else {
+                                        ret.invalidTags.add(attr + " " + val);
+                                        val = "";
+                                    }
+                                } else {
+                                    ret.invalidTags.add(attr + " " + val);
+                                    val = "";
+                                }
+                            }
+
+                        } else if (tag.matches("img|embed") && 
"src".equals(attr)) {
+                            // <img src="......">
+                            String[] customSchemes = {"http", "https"};
+                            if (new UrlValidator(customSchemes).isValid(val)) {
+                                foundURL = true;
+                            } else {
+                                ret.invalidTags.add(attr + " " + val);
+                                val = "";
+                            }
+                        } else if ("href".equals(attr) || "src".equals(attr)) {
+                            // <tag src/href="......">   skipped
+                            ret.invalidTags.add(tag + " " + attr + " " + val);
+                            continue;
+                        } else if (attr.matches("width|height")) {
+                            // <tag width/height="......">
+                            if (!val.toLowerCase().matches("\\d+%|\\d+$")) {
+                                // test numeric values
+                                ret.invalidTags.add(tag + " " + attr + " " + 
val);
+                                continue;
+                            }
+
+                        } else if ("style".equals(attr)) {
+                            // <tag style="......">
+                            // then test properties
+                            Matcher styles = stylePattern.matcher(val);
+                            String cleanStyle = "";
+
+                            while (styles.find()) {
+                                String styleName = 
styles.group(1).toLowerCase();
+                                String styleValue = styles.group(2);
+
+                                // suppress invalid styles values
+                                if 
(forbiddenStylePattern.matcher(styleValue).find()) {
+                                    ret.invalidTags.add(tag + " " + attr + " " 
+ styleValue);
+                                    continue;
+                                }
+
+                                // check if valid url
+                                Matcher urlStyleMatcher = 
urlStylePattern.matcher(styleValue);
+                                if (urlStyleMatcher.find()) {
+                                    String[] customSchemes = {"http", "https"};
+                                    String url = urlStyleMatcher.group(1);
+                                    if (!new 
UrlValidator(customSchemes).isValid(url)) {
+                                        ret.invalidTags.add(tag + " " + attr + 
" " + styleValue);
+                                        continue;
+                                    }
+                                }
+
+                                cleanStyle = cleanStyle + styleName + ":" + 
encode(styleValue) + ";";
+
+                            }
+                            val = cleanStyle;
+
+                        } else if (attr.startsWith("on")) {
+                            // skip all javascript events
+                            ret.invalidTags.add(tag + " " + attr + " " + val);
+                            continue;
+
+                        } else {
+                            // by default encode all properties
+                            val = encode(val);
+                        }
+
+                        cleanToken = cleanToken + " " + attr + "=\"" + val + 
"\"";
+                    }
+                    cleanToken = cleanToken + ">";
+
+                    isAcceptedToken = true;
+
+                    // for <img> and <a>
+                    if (tag.matches("a|img|embed") && !foundURL) {
+                        isAcceptedToken = false;
+                        cleanToken = "";
+                    }
+
+                    token = cleanToken;
+
+
+                    // push the tag if require closure and it is accepted 
(otherwise is encoded)
+                    if (isAcceptedToken && 
!(standAloneTags.matcher(tag).find() || selfClosed.matcher(tag).find())) {
+                        openTags.push(tag);
+                    }
+
+                    // 
--------------------------------------------------------------------------------
  UNKNOWN TAG
+                } else {
+                    ret.invalidTags.add(token);
+                    ret.val = ret.val + token;
+                    continue;
+
+
+                }
+
+                // 
--------------------------------------------------------------------------------
  CLOSE TAG </tag>
+            } else if (endMatcher.find()) {
+                String tag = endMatcher.group(1).toLowerCase();
+
+                //is self closing
+                if (selfClosed.matcher(tag).find()) {
+                    ret.invalidTags.add(token);
+                    continue;
+                }
+                if (forbiddenTags.matcher(tag).find()) {
+                    ret.invalidTags.add("/" + tag);
+                    continue;
+                }
+                if (!allowedTags.matcher(tag).find()) {
+                    ret.invalidTags.add(token);
+                    ret.val = ret.val + token;
+                    continue;
+                } else {
+
+
+                    String cleanToken = "";
+
+                    // check tag position in the stack
+                    int pos = openTags.search(tag);
+                    // if found on top ok
+                    for (int i = 1; i <= pos; i++) {
+                        //pop all elements before tag and close it
+                        String poppedTag = openTags.pop();
+                        cleanToken = cleanToken + "</" + poppedTag + ">";
+                        isAcceptedToken = true;
+                    }
+
+                    token = cleanToken;
+                }
+
+            }
+
+            ret.val = ret.val + token;
+
+            if (isAcceptedToken) {
+                ret.html = ret.html + token;
+                //ret.text = ret.text + " ";
+            } else {
+                String sanToken = htmlEncodeApexesAndTags(token);
+                ret.html = ret.html + sanToken;
+                ret.text = ret.text + 
htmlEncodeApexesAndTags(removeLineFeed(token));
+            }
+
+
+        }
+
+        // must close remaining tags
+        while (openTags.size() > 0) {
+            //pop all elements before tag and close it
+            String poppedTag = openTags.pop();
+            ret.html = ret.html + "</" + poppedTag + ">";
+            ret.val = ret.val + "</" + poppedTag + ">";
+        }
+
+        //set boolean value
+        ret.isValid = ret.invalidTags.size() == 0;
+
+        return ret;
+    }
+
+    /**
+     * Splits html tag and tag content <......>.
+     *
+     * @param html
+     * @return a list of token
+     */
+    private static List<String> tokenize(String html) {
+        ArrayList tokens = new ArrayList();
+        int pos = 0;
+        String token = "";
+        int len = html.length();
+        while (pos < len) {
+            char c = html.charAt(pos);
+
+            String ahead = html.substring(pos, pos > len - 4 ? len : pos + 4);
+
+            //a comment is starting
+            if ("<!--".equals(ahead)) {
+                //store the current token
+                if (token.length() > 0) {
+                    tokens.add(token);
+                }
+
+                //clear the token
+                token = "";
+
+                // search the end of <......>
+                int end = moveToMarkerEnd(pos, "-->", html);
+                tokens.add(html.substring(pos, end));
+                pos = end;
+
+
+                // a new "<" token is starting
+            } else if ('<' == c) {
+
+                //store the current token
+                if (token.length() > 0) {
+                    tokens.add(token);
+                }
+
+                //clear the token
+                token = "";
+
+                // serch the end of <......>
+                int end = moveToMarkerEnd(pos, ">", html);
+                tokens.add(html.substring(pos, end));
+                pos = end;
+
+            } else {
+                token = token + c;
+                pos++;
+            }
+
+        }
+
+        //store the last token
+        if (token.length() > 0) {
+            tokens.add(token);
+        }
+
+        return tokens;
+    }
+
+    private static int moveToMarkerEnd(int pos, String marker, String s) {
+        int i = s.indexOf(marker, pos);
+        if (i > -1) {
+            pos = i + marker.length();
+        } else {
+            pos = s.length();
+        }
+        return pos;
+    }
+
+    /**
+     * Contains the sanitizing results.
+     * html is the sanitized html encoded  ready to be printed. Unaccepted tag 
are encode, text inside tag is always encoded    MUST BE USED WHEN PRINTING HTML
+     * text is the text inside valid tags. Contains invalid tags encoded       
                                                 SHOULD BE USED TO PRINT 
EXCERPTS
+     * val  is the html source cleaned from unaccepted tags. It is not 
encoded:                                                 SHOULD BE USED IN SAVE 
ACTIONS
+     * isValid is true when every tag is accepted without forcing encoding
+     * invalidTags is the list of encoded-killed tags
+     */
+    static class SanitizeResult {
+
+        public String html = "";
+        public String text = "";
+        public String val = "";
+        public boolean isValid = true;
+        public List<String> invalidTags = new ArrayList();
+    }
+
+    public static String encode(String s) {
+        return convertLineFeedToBR(htmlEncodeApexesAndTags(s == null ? "" : 
s));
+    }
+
+    public static final String htmlEncodeApexesAndTags(String source) {
+        return htmlEncodeTag(htmlEncodeApexes(source));
+    }
+
+    public static final String htmlEncodeApexes(String source) {
+        if (source != null) {
+            String result = replaceAllNoRegex(source, new String[]{"\"", "'"}, 
new String[]{"&quot;", "&#39;"});
+            return result;
+        } else {
+            return null;
+        }
+    }
+
+    public static final String htmlEncodeTag(String source) {
+        if (source != null) {
+            String result = replaceAllNoRegex(source, new String[]{"<", ">"}, 
new String[]{"&lt;", "&gt;"});
+            return result;
+        } else {
+            return null;
+        }
+    }
+
+    public static String convertLineFeedToBR(String text) {
+        if (text != null) {
+            return replaceAllNoRegex(text, new String[]{"\n", "\f", "\r"}, new 
String[]{"<br>", "<br>", " "});
+        } else {
+            return null;
+        }
+    }
+
+    public static String removeLineFeed(String text) {
+
+        if (text != null) {
+            return replaceAllNoRegex(text, new String[]{"\n", "\f", "\r"}, new 
String[]{" ", " ", " "});
+        } else {
+            return null;
+        }
+    }
+
+    public static final String replaceAllNoRegex(String source, String 
searches[], String replaces[]) {
+        int k;
+        String tmp = source;
+        for (k = 0; k < searches.length; k++) {
+            tmp = replaceAllNoRegex(tmp, searches[k], replaces[k]);
+        }
+        return tmp;
+    }
+
+    public static final String replaceAllNoRegex(String source, String search, 
String replace) {
+        StringBuilder buffer = new StringBuilder();
+        if (source != null) {
+            if (search.length() == 0) {
+                return source;
+            }
+            int oldPos, pos;
+            for (oldPos = 0, pos = source.indexOf(search, oldPos); pos != -1; 
oldPos = pos + search.length(),
+                    pos = source.indexOf(search, oldPos)) {
+                buffer.append(source.substring(oldPos, pos));
+                buffer.append(replace);
+            }
+            if (oldPos < source.length()) {
+                buffer.append(source.substring(oldPos));
+            }
+        }
+        return new String(buffer);
+    }
 }

Modified: 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/Trackback.java
URL: 
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/Trackback.java?rev=1583506&r1=1583505&r2=1583506&view=diff
==============================================================================
--- 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/Trackback.java 
(original)
+++ 
roller/trunk/app/src/main/java/org/apache/roller/weblogger/util/Trackback.java 
Tue Apr  1 01:32:35 2014
@@ -105,7 +105,8 @@ public class Trackback {
         
         // Construct data
         String title = entry.getTitle();
-        String excerpt = StringUtils.left( 
Utilities.removeHTML(entry.getDisplayContent()),255 );
+        String excerpt = StringUtils.left( 
Utilities.removeHTML(entry.getDisplayContent()),
+                RollerConstants.TEXTWIDTH_255);
         String url = entry.getPermalink();
         String blog_name = entry.getWebsite().getName();
         
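Review bot: The constant that replaces the literal on the new excerpt line is named after its value, `RollerConstants.TEXTWIDTH_255`, so the call site still does not say why the excerpt is cut at 255 characters, and the name would turn misleading if the limit ever changed. A purpose-based name would carry the intent, for example `RollerConstants.TRACKBACK_EXCERPT_MAX_LENGTH` (a suggested name, not one that exists in the project), or a short comment above the line such as `// cap the plain-text excerpt placed in the trackback data`. No import of RollerConstants appears in this file's diff, so it is presumably already in scope; worth confirming that the file still compiles. The enclosing method starts and ends outside the hunk.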

