
CVS update: joist/java/org/joist/util TagValidator.java

Author ms
Full name zxcv
Date 2001-01-24 19:07:59 PST
Message User: ms
  Date: 01/01/24 19:07:59

  Modified: java/org/joist/util TagValidator.java
  Log:
  Added a few methods:
  boolean containsHTML(uncleanString) - checks for HTML in uncleanString; true if it
  contains HTML
  String escapeHTML(uncleanString) - converts '<' and '>' into &lt; and &gt; so they can
  be redisplayed without worry.
  
  Also, removed code that shouldn't be there from databaseTest() (assuming it should
  be there at all?)
  
  Revision Changes Path
  1.6 +112 -18 joist/java/org/joist​/util/TagValidator.j​ava
  
  Index: TagValidator.java
  ====================​====================​====================​=======
  RCS file: /cvs/joist/java/org/​joist/util/TagValida​tor.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- TagValidator.java 2000/10/24 23:59:08 1.5
  +++ TagValidator.java 2001/01/25 03:07:59 1.6
  @@ -1,8 +1,55 @@
  +/* ====================​====================​====================​====
  + * Copyright (c) 2000 CollabNet. All rights reserved.
  + *
  + * Redistribution and use in source and binary forms, with or without
  + * modification, are permitted provided that the following conditions are
  + * met:
  + *
  + * 1. Redistributions of source code must retain the above copyright
  + * notice, this list of conditions and the following disclaimer.
  + *
  + * 2. Redistributions in binary form must reproduce the above copyright
  + * notice, this list of conditions and the following disclaimer in the
  + * documentation and/or other materials provided with the distribution.
  + *
  + * 3. The end-user documentation included with the redistribution, if
  + * any, must include the following acknowlegement: "This product includes
  + * software developed by CollabNet (http://www.collab.net/)."
  + * Alternately, this acknowlegement may appear in the software itself, if
  + * and wherever such third-party acknowlegements normally appear.
  + *
  + * 4. The hosted project names must not be used to endorse or promote
  + * products derived from this software without prior written
  + * permission. For written permission, please contact info at collab dot net.
  + *
  + * 5. Products derived from this software may not use the "Tigris" name
  + * nor may "Tigris" appear in their names without prior written
  + * permission of CollabNet.
  + *
  + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
  + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  + * IN NO EVENT SHALL COLLABNET OR ITS CONTRIBUTORS BE LIABLE FOR ANY
  + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
  + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  + *
  + * ====================​====================​====================​========
  + *
  + * This software consists of voluntary contributions made by many
  + * individuals on behalf of CollabNet.
  + */
  +
   package org.joist.util;
   
   import java.util.*;
   import java.sql.*;
   import org.apache.oro.text.regex.*;
  +import org.apache.oro.text.perl.*;
   
   /**
     * Checks that Content contains only tags from an accepted set.
  @@ -19,7 +66,8 @@
     *
     * @author David C. Pellegrini <A HREF="mailto:davidp@​dataweb-systems.com"​>davidp@dataweb-s​ystems.com</A>​
     * @author Jon S. Stevens <A HREF="mailto:jon@lat​chkey.com">jon@la​tchkey.com</A>​
  - * @version $Revision: 1.5 $
  + * @author Michael Salmon <a href="mailto:ms@coll​ab.net">ms@collab​.net</a>
  + * @version $Revision: 1.6 $
     */
   public class TagValidator
   {
  @@ -32,7 +80,7 @@
        "OL","OPTGROUP","P",​"PARAM","PRE","Q","S​","SAMP","SMALL","SP​ACER","SPAN","STRIKE​",
        "STRONG","STYLE","SU​B","SUP","TBODY","TD​","TFOOT","TH","THEA​D",
        "TR","TT","TABLE","U​","UL","VAR","WBR"};​
  -
  +
       static final private String[] attributes =
       {"ALIGN","BACKGROUND​","BGCOLOR","CHAR","​CHAROFF","CITE","CLE​AR","COLOR",
        "COLS","FACE","GUTTE​R","HEIGHT","HREF","​SIZE","START","TYPE"​,"WIDTH",
  @@ -41,6 +89,7 @@
       static final private String frontRegExp = "<\\s*/?\\s*(\\s*";
       static final private String middleRegExp = "\\s*)\\s*\\b\\s*(\\s*(\\s*";
       static final private String endRegExp = "\\s*)\\s*(\\s​*=\\s*\"?[^<​>\\s]+\"?\\s*)​?\\s*)*\\s*>"​;
  +
       static final private String orDelim = "|";
       static final private String lt = "&lt;";
       static final private String gt = "&gt;";
  @@ -52,11 +101,12 @@
       static final private String substitution = "";
       static final private int limit = Util.SUBSTITUTE_ALL;
   
  - // For matching ...
  + // For matching ...
       static final private PatternCompiler matchCompiler = new Perl5Compiler();
       static final private PatternMatcher matchMatcher = new Perl5Matcher();
       static private Pattern matchPattern = null;
  - static final private String matchRegExp = "</?[^<>\\s]*>";
  +
  + static final private String matchRegExp = "</?[^<>\\s]*>";
   
       /**
        * Tests the operation of the methods.
  @@ -70,19 +120,18 @@
               input = "this is a <script> test";
           else
               input = args[0];
  -
               
           databaseTest();
       
       }
   
  + //REM??
       public static final void databaseTest()
       {
  - String username = "jon";
  + String username = "";
           String password = "";
  -// String host = "womb.collab.net";
  - String host = "yang.collab.net";
  - String db = "sourcex";
  + String host = "";
  + String db = "";
           String DRIVER_MM = "org.gjt.mm.mysql.Driver";
           String url = "jdbc:mysql://" + host + "/" + db;
           Statement stmt = null;
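Review bot: `databaseTest()` stays `public static` and is still called unconditionally from `main`, but with `host` and `db` blanked it now builds the URL `jdbc:mysql:///`, which presumably can only fail when the connection is opened further down. Reading the connection settings from `args` or system properties, or deleting the method as the `//REM??` marker suggests, would be clearer than leaving empty literals in place. The earlier host names and user name remain readable in revision 1.5, so if they were considered sensitive, blanking them here does not withdraw them from the repository history. The method body continues past the end of this hunk.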
  @@ -117,7 +166,7 @@
                       {
   // System.out.println ("Row is empty: " + rowID );
                       }
  - else if ( ! validate(input, errorMsg ) )
  + else if ( ! validate(input) )
                       {
   // System.out.println ("Error in row: " + rowID );
                           System.out.println ("RowID: " + rowID + " Table: " + tables[i] + " Column: " + columns[i]);
  @@ -149,7 +198,7 @@
           StringBuffer sb = new StringBuffer();
           sb.append ( frontRegExp );
           boolean firstTime = true;
  - for ( int i=0; i<tags.length; i++ )
  + for ( int i=0; i < tags.length; i++ )
           {
               if (firstTime)
               {
  @@ -236,10 +285,9 @@
        * is either clean, or contains tags that are not allowed.
        *
        * @param inputString A variable of type String
  - * @param errorMsg the StringBuffer for any error message text
        * @return a boolean indicating whether the HTML was OK
        */
  - public static boolean validate (String inputString, StringBuffer errorMsg)
  + public static boolean validate (String inputString)
       {
           // Bootstrap the first time through ...
           if (substPattern == null)
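Review bot: Dropping the `errorMsg` parameter from the public static `validate` is a source-incompatible change, so any caller outside this file (none are visible here) stops compiling, and callers lose the list of rejected tags that could previously be logged. Keeping the two-argument form as a thin overload marked `@deprecated` that delegates to `validate(String)` would let callers migrate at their own pace. The Javadoc's `@return` line could also say that `false` means at least one tag outside the accepted set was found. The method body continues outside this hunk.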
  @@ -256,7 +304,6 @@
                               Perl5Compiler.CASE_I​NSENSITIVE_MASK);
                       }
                       catch (MalformedPatternException ignored){};
  -
                   }
               }
           }
  @@ -270,12 +317,59 @@
   
           boolean clean = true;
           MatchResult result = null;
  - while (matchMatcher.contains(input, matchPattern))
  + if (matchMatcher.contains(input, matchPattern))
           {
  - result = matchMatcher.getMatch();
  - errorMsg.append(resu​lt.toString()).appen​d (" ");
  - clean = false;
  + clean = false;
           }
           return clean;
  + }
  +
  + /**
  + * Check if there are any HTML tags in the string at all
  + *
  + * @param inputString - String to check
  + * @return boolean indicating existence of HTML tag(s)
  + */
  +
  + public static boolean containsHTML (String inputString)
  + {
  + boolean foundHTML = false;
  + try
  + {
  + matchPattern = matchCompiler.compil​e(matchRegExp,
  + Perl5Compiler.CASE_I​NSENSITIVE_MASK);
  + // First, strip out all occurrences of valid HTML tags.
  +
  + PatternMatcherInput input = new PatternMatcherInput(​inputString);
  +
  + MatchResult result = null;
  + if (matchMatcher.contains(input, matchPattern))
  + {
  + foundHTML = true;
  + }
  +
  + }
  + catch (MalformedPatternException ignored)
  + {}
  + return foundHTML;
  + }
  +
  + /**
  + * Escape HTML tag's so they can be displayed as static text
  + * @param String - to be cleaned
  + * @return String
  + */
  + public static String escapeHTML(String unclean)
  + {
  + Perl5Util util = new Perl5Util();
  + try
  + {
  + unclean = util.substitute("s/​</&lt;/g", unclean);
  + unclean = util.substitute("s/​>/&gt;/g", unclean);
  + // it is now clean, somewhat
  + }
  + catch (MalformedPerl5PatternException ignored)
  + {}
  + return unclean;
       }
   }
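Review bot: `escapeHTML` rewrites only `<` and `>`, so `&`, `"` and `'` pass through unchanged and the result is safe only as element text, not inside an attribute value; its empty `catch` also returns the unescaped input if the substitution ever fails. A plain character scan, as below, covers the five characters and has no pattern to compile, so it cannot fail open. `containsHTML` reuses `matchRegExp` (`</?[^<>\\s]*>`), which cannot match a tag containing whitespace, so a tag that carries attributes is reported as "no HTML" even though the Javadoc promises "any HTML tags". It also recompiles and reassigns the shared static `matchPattern` on every call and returns `false` from its empty `catch`; compiling once and treating a compile failure as an error would be safer. In `validate`, the local `result` is unused after the loop became an `if`.

```java
    public static String escapeHTML(String unclean)
    {
        // Plain character scan: no pattern to compile, so nothing to swallow.
        StringBuffer sb = new StringBuffer(unclean.length() + 16);
        for (int i = 0; i < unclean.length(); i++)
        {
            char c = unclean.charAt(i);
            switch (c)
            {
                // '&' must be handled too, or existing entities become ambiguous
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append(lt);       break;
                case '>':  sb.append(gt);       break;
                // quotes matter when the value is placed inside an attribute
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
```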