Dear Devs,
Velocity is a great opensource component for weg page render. We deploy
it on our site that render dynamic web pages more than 1 billion pages
everyday. But velocity have no security protected xss + csrf attack. Every
render reference point need programmer writing code as
"$stringEscapedUtil.escapedHtml($ref)". But the such code will be forgoten
by programmer, especialy a newbie. So security can not be handled at every
output.
Infact, every web page output need to be html encode , about more than
90%. The best solution we shuold do html encode for every output refrence
with default.Some spec Macro directive left 10% content output. The
attachment is my demo code (Infact we have deploy it in our product
enviroment). The code implementation is very ugly, but bring us security
sophisticated. Maybe it can bring Velocity Dev Team some idea on web
security.
Sorry for my code's coment writing in chinese. I think the code is very
simple. I explain it now:
1. html/xml encode part, I copy it from apache commons component, and
rewrite it for performace issue and remove encode for non-ascii unicode.
Encode all unicode chars are not wize , cause more large web page and cause
debug problem.
2. I implement xml/html/javascript/XSS filtter. I think Xss filter
shuold be optional, because it has many security rules.
It is ONLY a adive.
Leon Liu
package com.alibaba.china.fasttext.security.velocity;
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
import java.util.BitSet;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.velocity.app.event.ReferenceInsertionEventHandler;
import com.alibaba.china.fasttext.security.xss.Policy;
import com.alibaba.china.fasttext.security.xss.PolicyException;
import com.alibaba.china.fasttext.security.xss.XssXppScanner;
/**
* <pre>
* 1.htmlÊä³ö, ʲô¶¼²»Ö´ÐУ¬ °´Ôʼ¸ñʽÊä³ö¡£ Ëû²¢²»ÊÇÕæÕýµÄ²»Ö´ÐÐÈκαä
* »¯£¬ ÒòΪËû»áÖ´ÐÐxssµÄ¹ýÂ˶¯×÷¡£Ò»¸ö·Ç³£¸´Ôӵݲȫ´¦Àí¹ý³Ì£¬ Èç¹û²»ÊÇÊä
* ³öHTML£¬ ÇëÎðʹÓᣠÕâ¸ö±íʾ½«»áÏûºÄ´óÁ¿µÄCPU´¦Àí¡£
* #ZHTML($html)
* 2.xml±àÂëÊä³ö£¬ ½«»áÖ´ÐÐ xml encodeÊä³ö
* #ZXML($xml)
* 3.js±àÂëÊä³ö , ½«»áÖ´ÐÐjavascript encodeÊä³ö
* #ZJS($js)
* 4.´¿Îı¾±àÂëÊä³ö, ½«»áÖ´ÐÐhtml encode
* $pureText
* 5. ÒѾ±»ÒµÎñ´úÂëescaped¹ýµÄÊä³ö
* Õâ¸öĿǰûÓÐʲôºÃµÄ°ì·¨£¬ Ö»ÄÜÐÞ¸ÄÒµÎñ´úÂ룬 È¥³ýÕâЩescapedµÄµØ·½¡£
* ʹÓÃfind . |grep java$ |xargs grep -i StringEscapeUtil.escapeHtml À´Ñ°ÕÒ
* ³ÌÐòÖгöÏֵģ¬ ÎÒÕÒÁËÏÂexodusÀïµÄ´úÂ룬 ÓÐ21¸öµØ·½ÊÇÕâô×öµÄ¡£ ÎÒÏëÕâ¸ö
* ÐÞ¸ÄÆðÀ´µÄÄѶÈÊDZȽϵ͵ġ£
* 6. ʹÓÃ$stringEscapeUtil.escapeHtml($text)Êä³öµÄµØ·½
* ÓÉÓÚ´úÂëÐÞ¸ÄÆðÀ´±È½ÏÂé·³£¬ ÎÒÃÇʹÓÃÒ»¸öºêÀ´´¦ÀíÕâ¸öÎÊÌâ, Õâ¸öʹÓÃÒ»¸öͳ
* Ò»Ìæ»»¹¤×÷¡£°Ñ$stringEscapeUtil.escapeHtml Ìæ»»³É
* #ZPURETEXT($text)
* 7. URLµÄÊä³ö, Ò²ÐíÎÒÃǾͽ«À´Òª×öURLµÄ°²È«¼ì²é£¬ Òò´Ë£¬ ÇëÎðʹÓÃÔÚ·ÇURL³ö
* Ïֵĵط½ ËäÈ»ËûʲôתÒ嶼²»×ö¡£
* Ò»°ãÇé¿öÏ£¬ ÎÒÃǵÄURLÊä³öʹÓÃURIBoker¶ÔÏó£¬ µ«ÊÇ£¬ ÎÒ×¢Òâµ½ÁË£¬ Óв¿·Ö
* URLʹÓÃÁËURIBoker.render() »òÕߣ¬ URIBoker.toString() ÕâôÊä³ö£¬ Õâ¸ö»á
* Ôì³ÉURL±»html encode. Õâ¸öÊǺÜÎÞÄεġ£
* Èç¹û·¢ÉúÕâ¸öÇé¿ö£¬ Çë¼ÓÉÏ
* #ZURL($url), Õâ¸öºêָʾÁ˲»ÒªÊ¹ÓÃhtml encode.
* 8. ΪÁ˱ÜÃâ·¢ÉúÆçÒ壬 #ZHTMLËäÈ»ÊDz»×ªÒ壬 µ«ÊÇÎÒÃÇÃ÷ȷ˵µÄÊÇHTML£¬ µ«
* ÊÇ£¬ Èç¹ûÕæÓв»ÐèҪתÒåµÄÇé¿ö³öÏÖ£¬ ÎÒÃÇ¿ÉÒÔʹÓÃ
* #ZLITERAL($text)
* tips: literal - ÕÕ×ÖÃæµÄ;ÔÒåµÄ.
*
* ¼ÓÒ»¸öZÊÇΪÁ˾¡Á¿±ÜÃâºÍÓ¦Óö¨ÒåµÄºê³öÏÖ³åÍ»£¬ ûÓбðµÄº¬Òå. µ«ÊÇÎÒÃÇÈÔÈ»
* Óм¸¸öµØ·½ÐèÒªÎÒÃÇ×¢ÒâµÄµØ·½£º
*
* 1£®À©Õ¹ÊµÏÖµÄÊDZàÂëÊä³öString¶ÔÏó£¬ Èç¹ûÄãÊä³öµÄ²»ÊÇString¶ÔÏó£¬ ÕâЩºê
* ²Ù×÷½«»áʧЧ£¬ Õâ¸öÊÇΪÁËÌá¸ßϵͳµÄ±àÂëÐÔÄÜ£¬²ÉÈ¡µÄ̬¶È¡£ Èç¹ûÒ»¸ö¶ÔÏóû
* ÓÐÖØÐÂʵÏÖtoString()µÄ£¬ Õâ¸ö¶ÔÏóµÄÊä³öÊDz»¿ÉÄÜÓÐhtml±àÂëµÄÎÊÌâµÄ¡£ÒòΪ
* Object.toStringʵÏÖµÄÊǶÔÏóµØÖ·£¬ ÁíÍâʵÏÖÁËtoStringµÄ·½·¨£¬ ÎÒÃǹÃÇÒÈÏ
* ΪÊÇ°²È«£¬ Õâ¸öËäÈ»ÑϸñÒâÒåÉÏÊDz»ÕýÈ·µÄ£¬µ«ÊÇ£¬ ÎÒÃǵÄϵͳµÄÈ·»ù±¾ÊÇÕâÑù
* ¹¤×÷µÄ¡£
* 2£®ÈçºÎ±ÜÃâÒ»¸öÊý¾Ý±»¶à´Îencode¡£
* Ê×ÏÈÎÒÃǼÙÉè $text="s&"
* a.$stringUtil.getXXX($text)
* Õâ¸öÐÎʽÊä³öÊÇ s&
* b.$stringUtil.getXXX("$text")
* Õâ¸öÐÎʽÊä³öÊÇ s&amp;
* Ϊʲô»áÕâÑùÄØ£¬""ÊǸæËßvelocity, ÏÈÊä³ö£¬ ºó°Ñ²ÎÊýË͸ø
* #stringUtil.getXXX. ÕâÊÇÒ»¸ö·Ç³£ÐèҪעÒâµÄµØ·½£¬Õâ¸öµØ·½µ¼ÖÂÁË´óÁ¿µÄµØ·½
* ÐèÒªÐ޸ĵĵط½¡£ Ò²ÊÇÄ¿Ç°×îÎÞÄεĵط½¡£Õâ¸ö
* Õâ¸ö»áÔì³ÉһЩ±äÐεÄÌØÊâÇé¿ö£¬ ±ÈÈç
* $stringUtil.equals("$text"£¬ "&")
* ÕâÑùÇé¿ö¾ÍÊÇ£¬ "$text", Õâ¸öÒѾ·¢Éúhtlml encode, È»¶ø "&"Êdz£Á¿£¬ ³£Á¿
* ÊÇÎÞ·¨±»×ªÒåµÄ£¬Òò´ËÕâ¸ö¾ÍÊÇ·¢ÉúÑÏÖصÄbug.
* ½â¾öµÄ°ì·¨ÊÇÕâôд£º
* $stringUtil.equals($text£¬ "&")
* c.$stringUtil.getXXX("the pro: $text")
* Õâ¸öÇé¿ö£¬ Ä¿Ç°ÎÒÃǵÄϵͳҲÊDZȽ϶࣬ ³£Á¿ÓëÊä³öµÄ»ìºÏ. ½â¾öÕâ¸öÎÊÌâµÄ°ì
* ·¨ÊÇ£ºHTML_XSS_FILTER
* $stringUtil.getXXX("the pro: #ZLITERAL($text)")
*
* d.$control.setTemplate($text)
* Õâ¸öϵͳ»á×Ô¶¯´¦Àí
* e.$stringUtil.escapeHtml($text)
* Õâ¸öÉÏÃæµÄµÚ6Ìõ×÷³öÁ˽âÊÍ
* f.$screen_placeholder
* Õâ¸öϵͳ»á×Ô¶¯´¦Àí
*
* </pre>
*
* @author leon
*/
public class SecurityReferenceInsertionEventHandler extends RootReferenceFilter implements ReferenceInsertionEventHandler {
private static final Log logger = LogFactory.getLog(SecurityReferenceInsertionEventHandler.class);
private XssXppScanner scanner;
public SecurityReferenceInsertionEventHandler(){
try {
scanner = new XssXppScanner(Policy.getLoosePolicyInstance());
} catch (PolicyException e) {
throw new RuntimeException(e);
}
}
/**
* @see ReferenceAction
*/
public Object referenceInsert(String reference, Object value) {
if (value instanceof String) {
ReferenceAction action = getReferenceAction(reference);
String retValue = (String) value;
switch (action) {
case HTML_XSS_FILTER:
retValue = scanner.scan(retValue);
break;
case JAVASCRIPT_ENCODE:
FastEntities.escapeJavaScript(retValue);
break;
case XML_ENCODE:
retValue = XML.escape(retValue);
break;
case LITERAL:
case URL_FILTER:// do nothing
break;
case HTML_ENCODE:
retValue = HTML40.escape(retValue);
break;
case PURE_TEXT_HTML_ENCODE:
retValue = HTML40.escape(retValue);
break;
case NOT_DEFINED:
default:
// ÔÚĬÈϵÄÇé¿öÏ£¬¡¡ÈÕÖ¾¼Ç¼£¬¡¡¿ÉÄÜÊÇhtmlµÄÊä³ö
if (logger.isDebugEnabled()) {
if (retValue.indexOf('<') > -1 && retValue.indexOf('>') > -1) {
logger.debug("reference=" + reference + " maybe is a html content");
}
}
retValue = HTML40.escape(retValue);
break;
}
return retValue;
}
return value;
}
}
/**
* <pre>
* HTML_XSS_FILTER: ʹÓÃxss¹ýÂ˹¤¾ßÊä³ö
* HTML_ENCODE: °´html encodeÊä³ö
* JAVASCRIPT_ENCODE: °´js encode Êä³ö
* XML_ENCODE: °´xml encodeÊä³ö
* LITERAL: °´ÔÀ´µÄÊä³ö
* URL_FILTER: ÔÝʱûÓÐ×öÈκαàÂëÐÐΪ
* PURE_TEXT_HTML_ENCODE: ¼æÈÝÔÀ´µÄϵͳʹÓ㬠ΪÁ˱ÜÃâ·¢Éú¶þ´Î±àÂë
* NOT_DEFINED: 䶨ÒåµÄ£¬ ʹÓÃhtml encode
* </pre>
*/
enum ReferenceAction {
HTML_XSS_FILTER, HTML_ENCODE, JAVASCRIPT_ENCODE, XML_ENCODE, LITERAL, URL_FILTER, PURE_TEXT_HTML_ENCODE,
NOT_DEFINED
}
/**
* <pre>
* #########html xss filter#############
* #macro(SHTML $SHTML_)$SHTML_#end
* #########xml encode #############
* #macro(SXML $SXML_)$SXML_#end
* #########javascript encode #############
* #macro(SJS $SJS_)$SJS_#end
* #########pure text html encode, it is a compatibility purpose, shun double escaped#############
* #macro(SPURETEXT $SPURETEXT_)$SPURETEXT_#end
* #########pure text as literal #############
* #macro(SLITERAL $SLITERAL_)$SLITERAL_#end
* #########url output #############
* #macro(SURL $SURL_)$SURL_#end
*</pre>
*/
class RootReferenceFilter extends FastEntities {
static Map<String, ReferenceAction> filter = new HashMap<String, ReferenceAction>();
static {
// system define
filter.put("$screen_placeholder", ReferenceAction.LITERAL);
// encode part
filter.put("$!{security_h_t_m_l_z}", ReferenceAction.HTML_XSS_FILTER);
filter.put("$!{security_x_m_l_z}", ReferenceAction.XML_ENCODE);
filter.put("$!{security_j_s_z}", ReferenceAction.JAVASCRIPT_ENCODE);
filter.put("$!{security_p_u_r_e_t_e_x_t_z}", ReferenceAction.HTML_ENCODE);
filter.put("$!{security_l_i_t_e_r_a_l_z}", ReferenceAction.LITERAL);
filter.put("$!{security_u_r_l_z}", ReferenceAction.URL_FILTER);
}
public static ReferenceAction getReferenceAction(String ref) {
ReferenceAction action = filter.get(ref);
if (action == null) {
action = ReferenceAction.NOT_DEFINED;
}
return action;
}
}
/**
* ¿ìËÙhtml/js/xml ±àÂëʵÏÖ
*/
class FastEntities extends FastDetectChar {
private static final String[][] BASIC_ARRAY = { { """, "34" }, { "&", "38" }, { "<", "60" },
{ ">", "62" }, };
private static final String[][] APOS_ARRAY = { { "'", "39" }, };
private static final String[][] ISO8859_1_ARRAY = { { " ", "160" }, { "¡", "161" },
{ "¢", "162" }, { "£", "163" }, { "¤", "164" }, { "¥", "165" },
{ "¦", "166" }, { "§", "167" }, { "¨", "168" }, { "©", "169" }, { "ª", "170" },
{ "«", "171" }, { "¬", "172" }, { "­", "173" }, { "®", "174" }, { "¯", "175" },
{ "°", "176" }, { "±", "177" }, { "²", "178" }, { "³", "179" }, { "´", "180" },
{ "µ", "181" }, { "¶", "182" }, { "·", "183" }, { "¸", "184" },
{ "¹", "185" }, { "º", "186" }, { "»", "187" }, { "¼", "188" },
{ "½", "189" }, { "¾", "190" }, { "¿", "191" }, { "À", "192" },
{ "Á", "193" }, { "Â", "194" }, { "Ã", "195" }, { "Ä", "196" },
{ "Å", "197" }, { "Æ", "198" }, { "Ç", "199" }, { "È", "200" },
{ "É", "201" }, { "Ê", "202" }, { "Ë", "203" }, { "Ì", "204" },
{ "Í", "205" }, { "Î", "206" }, { "Ï", "207" }, { "Ð", "208" },
{ "Ñ", "209" }, { "Ò", "210" }, { "Ó", "211" }, { "Ô", "212" },
{ "Õ", "213" }, { "Ö", "214" }, { "×", "215" }, { "Ø", "216" },
{ "Ù", "217" }, { "Ú", "218" }, { "Û", "219" }, { "Ü", "220" },
{ "Ý", "221" }, { "Þ", "222" }, { "ß", "223" }, { "à", "224" },
{ "á", "225" }, { "â", "226" }, { "ã", "227" }, { "ä", "228" },
{ "å", "229" }, { "æ", "230" }, { "ç", "231" }, { "è", "232" },
{ "é", "233" }, { "ê", "234" }, { "ë", "235" }, { "ì", "236" },
{ "í", "237" }, { "î", "238" }, { "ï", "239" }, { "ð", "240" },
{ "ñ", "241" }, { "ò", "242" }, { "ó", "243" }, { "ô", "244" },
{ "õ", "245" }, { "ö", "246" }, { "÷", "247" }, { "ø", "248" },
{ "ù", "249" }, { "ú", "250" }, { "û", "251" }, { "ü", "252" },
{ "ý", "253" }, { "þ", "254" }, { "ÿ", "255" }, };
private static final String[][] HTML40_ARRAY = { { "ƒ", "402" }, { "Α", "913" },
{ "Β", "914" }, { "Γ", "915" }, { "Δ", "916" }, { "Ε", "917" },
{ "Ζ", "918" }, { "Η", "919" }, { "Θ", "920" }, { "Ι", "921" }, { "Κ", "922" },
{ "Λ", "923" }, { "Μ", "924" }, { "Ν", "925" }, { "Ξ", "926" }, { "Ο", "927" },
{ "Π", "928" }, { "Ρ", "929" },
{ "Σ", "931" }, { "Τ", "932" }, { "Υ", "933" }, { "Φ", "934" }, { "Χ", "935" },
{ "Ψ", "936" }, { "Ω", "937" }, { "α", "945" }, { "β", "946" }, { "γ", "947" },
{ "δ", "948" }, { "ε", "949" }, { "ζ", "950" }, { "η", "951" },
{ "θ", "952" }, { "ι", "953" }, { "κ", "954" }, { "λ", "955" }, { "μ", "956" },
{ "ν", "957" }, { "ξ", "958" }, { "ο", "959" }, { "π", "960" }, { "ρ", "961" },
{ "ς", "962" }, { "σ", "963" }, { "τ", "964" }, { "υ", "965" },
{ "φ", "966" }, { "χ", "967" }, { "ψ", "968" }, { "ω", "969" }, { "ϑ", "977" },
{ "ϒ", "978" }, { "ϖ", "982" }, { "•", "8226" }, { "…", "8230" },
{ "′", "8242" }, { "″", "8243" }, { "‾", "8254" }, { "⁄", "8260" },
{ "℘", "8472" }, { "ℑ", "8465" }, { "ℜ", "8476" }, { "™", "8482" },
{ "ℵ", "8501" }, { "←", "8592" }, { "↑", "8593" }, { "→", "8594" },
{ "↓", "8595" }, { "↔", "8596" }, { "↵", "8629" }, { "⇐", "8656" },
{ "⇑", "8657" }, { "⇒", "8658" }, { "⇓", "8659" }, { "⇔", "8660" },
{ "∀", "8704" }, { "∂", "8706" }, { "∃", "8707" }, { "∅", "8709" },
{ "∇", "8711" }, { "∈", "8712" }, { "∉", "8713" }, { "∋", "8715" },
{ "∏", "8719" }, { "∑", "8721" }, { "−", "8722" }, { "∗", "8727" },
{ "√", "8730" }, { "∝", "8733" }, { "∞", "8734" }, { "∠", "8736" },
{ "∧", "8743" }, { "∨", "8744" }, { "∩", "8745" }, { "∪", "8746" }, { "∫", "8747" },
{ "∴", "8756" }, { "∼", "8764" }, { "≅", "8773" }, { "≈", "8776" },
{ "≠", "8800" }, { "≡", "8801" }, { "≤", "8804" }, { "≥", "8805" }, { "⊂", "8834" },
{ "⊃", "8835" }, { "⊆", "8838" }, { "⊇", "8839" }, { "⊕", "8853" },
{ "⊗", "8855" }, { "⊥", "8869" }, { "⋅", "8901" }, { "⌈", "8968" },
{ "⌉", "8969" }, { "⌊", "8970" }, { "⌋", "8971" }, { "⟨", "9001" },
{ "⟩", "9002" }, { "◊", "9674" }, { "♠", "9824" }, { "♣", "9827" },
{ "♥", "9829" }, { "♦", "9830" }, { "Œ", "338" }, { "œ", "339" },
{ "Š", "352" }, { "š", "353" }, { "Ÿ", "376" }, { "ˆ", "710" },
{ "˜", "732" }, { " ", "8194" }, { " ", "8195" }, { " ", "8201" },
{ "‌", "8204" }, { "‍", "8205" }, { "‎", "8206" }, { "‏", "8207" }, { "–", "8211" },
{ "—", "8212" }, { "‘", "8216" }, { "’", "8217" }, { "‚", "8218" },
{ "“", "8220" }, { "”", "8221" }, { "„", "8222" }, { "†", "8224" },
{ "‡", "8225" }, { "‰", "8240" }, { "‹", "8249" }, { "›", "8250" },
{ "€", "8364" }, };
public static final FastEntities XML;
public static final FastEntities HTML40;
static {
XML = new FastEntities();
XML.addEntities(BASIC_ARRAY);
XML.addEntities(APOS_ARRAY);
}
static {
HTML40 = new FastEntities();
HTML40.addEntities(BASIC_ARRAY);
HTML40.addEntities(ISO8859_1_ARRAY);
HTML40.addEntities(HTML40_ARRAY);
}
public void addEntities(String[][] entityArray) {
for (int i = 0; i < entityArray.length; ++i) {
char c = (char) Integer.parseInt(entityArray[i][1]);
addEntity(c, entityArray[i][0]);
this.addTransferChar(c);
}
}
/**
* <pre>
* ×öÁ˼¸¸öÓÐËٶȵĴ¦Àí, ÔںܶàÇé¿öÏ£¬¿ÉÄÜÌá¸ß£±£°±¶ÒÔÉϵÄÐÔÄÜ£¬¡¡ÒÔ¼°½ÚÔ¼²»ÉÙÄÚ´æʹÓá£
* 1.·µ»Ø½á¹û¸ù¾Ýʱºò·¢ÉúÁ˱àÂë½øÐиĽø£¬¡¡Èç¹ûûÓз¢Éú±àÂ룬ÄÇôֱ½Ó·µ»ØÔÀ´µÄstr.
* 2.¿ìËÙ¼ì²éÊÇ·ñÒª½øÐÐתÂë
* 3.ʹÓÿìËÙ²é±í£¬¡¡¶Ô0-255µÄ×Ö·û½øÐпìËÙ²éÕÒ
* </pre>
*
* @param str
* @return
*/
public String escape(String str) {
if (str == null) {
return null;
}
StringBuilder buffer = null;
int len = str.length();
char ch;
char[] entityName;
for (int i = 0; i < len; i++) {
ch = str.charAt(i);
entityName = getEntity(ch);
if (entityName == null) {
if (buffer != null) {
buffer.append(ch);
}
} else {
if (buffer == null) {
buffer = new StringBuilder(str.length() << 1);
buffer.append(str, 0, i);
}
buffer.append(entityName);
}
}
if (buffer != null) {
return buffer.toString();
} else {
return str;
}
}
public static String escapeJavaScript(String str) {
if (str == null) {
return null;
}
int length = str.length();
Writer out = new StringWriter(length << 1);
try {
for (int i = 0; i < length; i++) {
char ch = str.charAt(i);
if (ch < 32) {
switch (ch) {
case '\b':
out.write('\\');
out.write('b');
break;
case '\n':
out.write('\\');
out.write('n');
break;
case '\t':
out.write('\\');
out.write('t');
break;
case '\f':
out.write('\\');
out.write('f');
break;
case '\r':
out.write('\\');
out.write('r');
break;
default:
if (ch > 0xf) {
out.write("\\u00" + Integer.toHexString(ch).toUpperCase());
} else {
out.write("\\u000" + Integer.toHexString(ch).toUpperCase());
}
break;
}
} else {
switch (ch) {
case '\'':
out.write('\\');
out.write('\'');
break;
case '"':
out.write('\\');
out.write('"');
break;
case '\\':
out.write('\\');
out.write('\\');
break;
default:
out.write(ch);
break;
}
}
}
} catch (IOException e) {
// impossible
}
return out.toString();
}
}
class FastDetectChar {
private Map<Character, char[]> map = new HashMap<Character, char[]>();
private int LOOKUP_TABLE_SIZE = 256;
private char[][] lookupTable = new char[LOOKUP_TABLE_SIZE][];
BitSet maskSet = new BitSet(1 << 16);
public void addEntity(char charValue, String entiryName) {
if (charValue > -1 && charValue < LOOKUP_TABLE_SIZE) {
lookupTable[charValue] = entiryName.toCharArray();
}
map.put(charValue, entiryName.toCharArray());
}
public char[] getEntity(char charValue) {
if (charValue < LOOKUP_TABLE_SIZE) {
return lookupTable[charValue];
}
return (maskSet.get(charValue) ? map.get(charValue) : null);
}
/**
* Ôö¼ÓÒ»¸öÌøÔ½×Ö·û
*
* @param c
*/
public void addTransferChar(char c) {
maskSet.set(c);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
