Expresso 5-6

com.jcorporate.expresso.core.security.filters
Class HtmlPlusURLFilter

java.lang.Object
  extended by com.jcorporate.expresso.core.security.filters.Filter
      extended by com.jcorporate.expresso.core.security.filters.HtmlFilter
          extended by com.jcorporate.expresso.core.security.filters.HtmlPlusURLFilter
Direct Known Subclasses:
AllowedHtmlPlusURLFilter

public class HtmlPlusURLFilter
extends HtmlFilter

This class provides a filter implementation for HTML output that protects against XSS exploits and also creates anchor (<a>) tags for anything that starts with 'http://', 'www.', etc.

Author:
Larry Hamel and Patti Schank

Field Summary
static String MAX_CHARS_IN_URL_LABEL
          Name for Setup value which decides if we are limiting anchor labels
static String[] URL_INFORMAL_PREFIXES
           
static String[] URL_TYPES
           
 
Fields inherited from class com.jcorporate.expresso.core.security.filters.HtmlFilter
REPLACE_LIST, SPECIAL_STRING_LIST
 
Constructor Summary
HtmlPlusURLFilter()
          No-args constructor required
HtmlPlusURLFilter(String[] specialStringList, String[] replaceList)
          Constructor for passing strings and their replacements
 
Method Summary
static String addHttpPrefixIfNeeded(String url)
          Given a url string, if it's null or equals "" then just return it as is.
static int findEndOfHref(String s, int start)
          Finds the end of a hyperlink
static String getWebHostPort(ControllerRequest request)
          Get web server address
static boolean hasValidUrlPrefix(String url)
          Return true if the url has a valid prefix, like http://
static String insertHrefTags(String s)
          Insert a href tag around any http, https, www, or www2 strings
static boolean isValidUrl(String url)
          Return true if the url is valid.
 String standardFilter(String data)
          This filter HTML encodes all special characters defined by the replacement list.
 
Methods inherited from class com.jcorporate.expresso.core.security.filters.Filter
rawFilter, stripFilter
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

URL_TYPES

public static final String[] URL_TYPES

URL_INFORMAL_PREFIXES

public static final String[] URL_INFORMAL_PREFIXES

MAX_CHARS_IN_URL_LABEL

public static final String MAX_CHARS_IN_URL_LABEL
Name for Setup value which decides if we are limiting anchor labels

See Also:
Constant Field Values

Constructor Detail

HtmlPlusURLFilter

public HtmlPlusURLFilter()
                  throws IllegalArgumentException
No-args constructor required


HtmlPlusURLFilter

public HtmlPlusURLFilter(String[] specialStringList,
                         String[] replaceList)
                  throws IllegalArgumentException
Constructor for passing strings and their replacements

Parameters:
specialStringList - Strings to replace
replaceList - The replacement strings

Method Detail

standardFilter

public String standardFilter(String data)
This filter HTML-encodes all special characters defined by the replacement list. If a particular character doesn't exist in the map, then the character is appended to the result unchanged. If it does exist, then the value the special character maps to is appended to the result instead.

Overrides:
standardFilter in class Filter
Parameters:
data - The string to encode.
Returns:
The filtered string

addHttpPrefixIfNeeded

public static String addHttpPrefixIfNeeded(String url)
Given a url string, if it's null or equals "" then just return it as is. Otherwise check whether it has a valid form, that is, starts with http:// or ftp:// or some other valid url prefix. If not, prepend http://.

Parameters:
url - The url string
Returns:
The url with http:// prepended, if needed

hasValidUrlPrefix

public static boolean hasValidUrlPrefix(String url)
Return true if the url has a valid prefix, like http://

Parameters:
url -
Returns:

isValidUrl

public static boolean isValidUrl(String url)
Return true if the url is valid. Checks that it is not null, that it has a valid prefix, and that it contains a dot (must, to have a domain name) and at least 2 characters after the dot (the domain). Add more tests here as appropriate.

Parameters:
url - The candidate URL to check
Returns:
True if the URL is valid

getWebHostPort

public static String getWebHostPort(ControllerRequest request)
Get web server address

Returns:
the address of this web server

insertHrefTags

public static String insertHrefTags(String s)
Insert a href tag around any http, https, www, or www2 strings

Parameters:
s - The string to search in and insert
Returns:
A String with tags and http:// if needed

findEndOfHref

public static int findEndOfHref(String s,
                                int start)
Finds the end of a hyperlink

Parameters:
s - The string
start - The url's starting index
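
An added sketch (not Expresso's source) of the behaviour that the standardFilter, addHttpPrefixIfNeeded, isValidUrl and insertHrefTags descriptions above outline: HTML-encode the input, then wrap URL-like strings in anchors only when they pass the documented prefix and dot checks. The class name LinkifySketch, the SCHEMES list, the CANDIDATE pattern and the encode-before-link ordering are assumptions; the page does not show the contents of URL_TYPES or the filter's internals.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class LinkifySketch {
    // Assumed prefix list: the page does not show the contents of URL_TYPES.
    static final String[] SCHEMES = {"http://", "https://", "ftp://"};
    // A candidate runs until whitespace or an already-encoded <, >, " or '.
    static final Pattern CANDIDATE = Pattern.compile(
        "(?i)\\b(?:https?://|ftp://|www2?\\.)(?:(?!&(?:lt|gt|quot|#39);)\\S)+");

    static boolean hasValidUrlPrefix(String url) {
        if (url == null) return false;
        String lower = url.toLowerCase();
        for (String scheme : SCHEMES) if (lower.startsWith(scheme)) return true;
        return false;
    }
    static String addHttpPrefixIfNeeded(String url) {
        if (url == null || url.isEmpty() || hasValidUrlPrefix(url)) return url;
        return "http://" + url;
    }

    // One reading of the documented check: prefix, a dot, 2+ chars after the last dot.
    static boolean isValidUrl(String url) {
        if (!hasValidUrlPrefix(url)) return false;
        int dot = url.lastIndexOf('.');
        return dot >= 0 && url.length() - dot - 1 >= 2;
    }

    static String encode(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Encode first, then add anchors, so the only markup in the output is ours.
    static String filter(String data) {
        Matcher m = CANDIDATE.matcher(encode(data));
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String href = addHttpPrefixIfNeeded(m.group());
            String link = isValidUrl(href)
                ? "<a href=\"" + href + "\">" + m.group() + "</a>" : m.group();
            m.appendReplacement(out, Matcher.quoteReplacement(link));
        }
        return m.appendTail(out).toString();
    }

    public static void main(String[] args) {
        // Constructed sample input.
        System.out.println(filter("See www.example.com/a?x=1&y=2 <script>alert(1)</script>"));
    }
}
```

Because the text is encoded before the pattern runs, a matched URL can never carry a raw quote or angle bracket into the href attribute, and a candidate that ends in a bare dot fails the two-characters-after-the-dot check and is left as plain text.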
