net.sourceforge.blogentis.utils
Class StringUtils

java.lang.Object
  extended by net.sourceforge.blogentis.utils.StringUtils

public class StringUtils
extends java.lang.Object

Utilities for String formatting, manipulation, and queries. More information about this class is available from ostermiller.org. This class has been trimmed down by abas@aix.meng.auth.gr


Constructor Summary
StringUtils()
Method Summary
static java.lang.String convertBreaks(java.lang.String text)
static java.lang.String entityfyHTML(java.lang.String s)
static java.lang.String escapeHTML(java.lang.String s)
          Replaces characters that may be confused by a HTML parser with their equivalent character entity references.
static java.lang.String removeTags(java.lang.String s)
static java.lang.String unescapeHTML(java.lang.String s)
          Turn any HTML escape entities in the string into characters and return the resulting string.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

StringUtils

public StringUtils()
Method Detail

escapeHTML

public static java.lang.String escapeHTML(java.lang.String s)
Replaces characters that may be confused by a HTML parser with their equivalent character entity references.

Any data that will appear as text on a web page should be escaped. This is especially important for data that comes from untrusted sources such as Internet users. A common mistake in CGI programming is to ask a user for data and then put that data on a web page unchanged. For example:

   Server: What is your name?
   User: <b>Joe<b>
   Server: Hello <b>Joe</b>, Welcome

If the name is put on the page without checking that it doesn't contain HTML code, or without sanitizing that HTML code, the user could reformat the page, insert scripts, and control the content served from your web server.

This method replaces HTML-significant characters such as > with their HTML entity reference (&gt;) so that the HTML parser is sure to interpret them as plain text rather than as markup or script.

This method should be used both for data displayed as text in the HTML document and for data placed in form elements. For example:
<html><body>This in not a &lt;tag&gt; in HTML</body></html>
and
<form><input type="hidden" name="date" value="This data could be &quot;malicious&quot;"></form>
In the second example, the form data would be properly resubmitted to your CGI script in the URL-encoded format:
This data could be %22malicious%22

Parameters:
s - String to be escaped
Returns:
escaped String
Throws:
java.lang.NullPointerException - if s is null.

unescapeHTML

public static java.lang.String unescapeHTML(java.lang.String s)
Turn any HTML escape entities in the string into characters and return the resulting string.

Parameters:
s - String to be unescaped.
Returns:
unescaped String.
Throws:
java.lang.NullPointerException - if s is null.
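The following is an added example, not the blogentis StringUtils implementation, showing the behaviour the escapeHTML and unescapeHTML descriptions above call for: the five characters an HTML parser can misinterpret in text and in quoted attribute values are replaced by entity references, and unescaping reverses that. The class name HtmlEscapeDemo and its method names are this example's own, and the sample inputs are constructed from the CGI example on this page.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not the project's own code): a minimal HTML escaper and
// unescaper matching the contract documented for escapeHTML/unescapeHTML.
public final class HtmlEscapeDemo {

    // Escape the characters an HTML parser can misinterpret, in text content
    // and inside double- or single-quoted attribute values. Throws
    // NullPointerException on null, as the documented escapeHTML does.
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break; // escape '&' so output is never double-escaped
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break; // needed for value="..." attributes
                case '\'': out.append("&#39;");  break; // &apos; is not defined in HTML 4
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Named entities for the escaped characters plus decimal and hexadecimal
    // numeric character references; digit counts are bounded so parseInt
    // cannot overflow on hostile input.
    private static final Pattern ENTITY =
        Pattern.compile("&(?:(lt|gt|amp|quot|apos)|#(\\d{1,7})|#[xX]([0-9a-fA-F]{1,6}));");

    // Reverse escapeHtml. Unknown or invalid references are left untouched
    // rather than silently dropped.
    public static String unescapeHtml(String s) {
        Matcher m = ENTITY.matcher(s);
        StringBuilder out = new StringBuilder(s.length());
        int last = 0;
        while (m.find()) {
            out.append(s, last, m.start());
            String repl;
            if (m.group(1) != null) {
                switch (m.group(1)) {
                    case "lt":   repl = "<";  break;
                    case "gt":   repl = ">";  break;
                    case "amp":  repl = "&";  break;
                    case "quot": repl = "\""; break;
                    default:     repl = "'";  break; // apos
                }
            } else {
                int cp = m.group(2) != null
                    ? Integer.parseInt(m.group(2))
                    : Integer.parseInt(m.group(3), 16);
                repl = Character.isValidCodePoint(cp)
                    ? new String(Character.toChars(cp))
                    : m.group(); // keep the malformed reference as-is
            }
            out.append(repl);
            last = m.end();
        }
        out.append(s, last, s.length());
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the "name" from the page's CGI example.
        String userName = "<b>Joe<b>";
        // Escaped, the angle brackets reach the browser as literal text.
        System.out.println("Hello " + escapeHtml(userName) + ", Welcome");

        // Attribute context from the page's second example: the quotes must be
        // escaped or the value would terminate the attribute early.
        String value = "This data could be \"malicious\"";
        System.out.println("<input type=\"hidden\" name=\"date\" value=\""
                + escapeHtml(value) + "\">");

        // Round trip: unescaping recovers the original characters exactly.
        String roundTrip = unescapeHtml(escapeHtml(userName));
        System.out.println(roundTrip.equals(userName));

        // Caveat: unescaping untrusted input and then writing the result into
        // a page puts the original markup back, undoing the escaping.
        System.out.println("Hello " + roundTrip + ", Welcome");
    }
}
```

The escaper deliberately covers the double quote and apostrophe as well as &, < and >, because the page recommends the same method for form-element values, where an unescaped quote ends the attribute. The final statement in main is the pitfall to look for in review: unescapeHTML is for turning stored entity text back into characters for processing, not for output, since its result placed in a document behaves like the raw user input did.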

entityfyHTML

public static java.lang.String entityfyHTML(java.lang.String s)

removeTags

public static java.lang.String removeTags(java.lang.String s)

convertBreaks

public static java.lang.String convertBreaks(java.lang.String text)


Copyright © 2003-2004 SourceForge.net. All Rights Reserved.