org.loom.util
Class HtmlSanitizer

java.lang.Object
  org.loom.util.HtmlSanitizer

public class HtmlSanitizer
extends java.lang.Object

Replace invalid characters of a string. Escapes quotation (") and start of tag character (<) to prevent manipulation of tag attributes and elements in the HTML code. For details on this, see: http://code.google.com/docreader/#p(doctype)s(doctype)t(ArticlesXSS)

Constructor Summary

HtmlSanitizer()

Method Summary

protected java.lang.String	replaceIllegalAttributeChars(java.lang.String value, int index) Replace all illegal characters with valid string representations
static java.lang.String	sanitize(java.lang.String s)
protected java.lang.String	sanitizeImpl(java.lang.String value) Replace illegal characters in a value.
static java.lang.String	stripTags(java.lang.String value) Removes all tags from the supplied String argument.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HtmlSanitizer

public HtmlSanitizer()

Method Detail

sanitizeImpl

protected java.lang.String sanitizeImpl(java.lang.String value)

Replace illegal characters in a value. This method is thought to be as fast as possible. Most calls will not need any character substitution, so it is skipped if possible

replaceIllegalAttributeChars

protected java.lang.String replaceIllegalAttributeChars(java.lang.String value,
                                                        int index)

Replace all illegal characters with valid string representations

Parameters:

index - indfex of the first failed character

stripTags

public static java.lang.String stripTags(java.lang.String value)

Removes all tags from the supplied String argument.

sanitize

public static java.lang.String sanitize(java.lang.String s)