[cvs]
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/filters
AllowedHtmlPlusURLFilter.java
JCorporate Ltd
jcorp at jcorp2.servlets.net
Wed Aug 4 16:16:08 PDT 2004
Update of /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/filters
In directory jcorp2.servlets.net:/tmp/cvs-serv28085/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/filters
Added Files:
AllowedHtmlPlusURLFilter.java
Log Message:
no message
--- NEW FILE: AllowedHtmlPlusURLFilter.java ---
package com.jcorporate.expresso.core.security.filters;
/**
 * Output filter that guards against XSS exploits in HTML output while letting a
 * small, fixed subset of formatting tags through unchanged. Text that starts with
 * 'http://', 'www.', etc. is also turned into anchor ({@code <a>}) tags; this class
 * contains no linking code of its own, so that behaviour comes from
 * {@link HtmlPlusURLFilter}.
 *
 * <p>The allow-list is literal. Only the exact strings in {@link #ALLOWED_HTML}
 * (lower case, no attributes, no self-closing forms) are registered as pass-through
 * entries. How the superclass treats any other spelling of a tag is not visible in
 * this file.
 *
 * @author Patricia Schank
 */
public class AllowedHtmlPlusURLFilter extends HtmlPlusURLFilter {

    /**
     * Tags that are passed through as-is.
     *
     * <p>NOTE(review): this is a public array, so although the reference is final
     * its elements can be reassigned by any code that can see this class. The
     * constructor reads the array each time a filter is built, so such a change
     * would alter what later-constructed filters let through. Treat it as
     * read-only; the field is kept public only so existing callers still compile.
     */
    public static final String[] ALLOWED_HTML = {
        "<p>", "</p>", "<br>",
        "<b>", "</b>", "<i>", "</i>", "<em>", "</em>", "<strong>", "</strong>",
        "<blockquote>", "</blockquote>",
        "<ol>", "</ol>", "<ul>", "</ul>", "<li>", "</li>", "<tt>", "</tt>"
    };

    /**
     * No-arg constructor (required).
     *
     * <p>Extends the inherited special-string list and replacement list with the
     * allowed tags. The same array is appended to both lists, so each allowed tag
     * sits at the same index in both.
     *
     * <p>NOTE(review): presumably the superclass pairs the two lists by index, which
     * would map each allowed tag to itself. The allowed tags are appended after the
     * inherited entries; confirm in the superclass that an earlier entry (for
     * example one for a bare '&lt;') cannot match first and escape the tag anyway.
     *
     * @throws IllegalArgumentException declared by the original signature; nothing
     *         in this class throws it, so it presumably originates in the superclass
     *         constructor (TODO confirm)
     */
    public AllowedHtmlPlusURLFilter()
            throws IllegalArgumentException {
        super(appendArrays(SPECIAL_STRING_LIST, ALLOWED_HTML),
              appendArrays(REPLACE_LIST, ALLOWED_HTML));
    }

    /**
     * Concatenates two string arrays into a newly allocated array.
     *
     * @param head elements placed first in the result
     * @param tail elements placed after those of {@code head}
     * @return a new array holding {@code head} followed by {@code tail}, or
     *         {@code null} if either argument is {@code null}
     */
    private static String[] appendArrays(String[] head, String[] tail) {
        // A missing input yields null rather than a partial list.
        if (head == null || tail == null) {
            return null;
        }
        final int headLength = head.length;
        final int tailLength = tail.length;
        final String[] joined = new String[headLength + tailLength];
        System.arraycopy(head, 0, joined, 0, headLength);
        System.arraycopy(tail, 0, joined, headLength, tailLength);
        return joined;
    }
}