public final class HTMLFilter extends Object
HTML filtering utility for protecting against XSS (Cross Site Scripting).
This code is licensed LGPLv3
This code is a Java port of the original work in PHP by Cal Henderson. http://code.iamcal.com/php/lib_filter/
The trickiest part of the translation was handling the differences in regex handling between PHP and Java. These resources were helpful in the process:
http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
http://www.regular-expressions.info/modifiers.html
A note on naming conventions: instance variables are prefixed with a "v"; global constants are in all caps.
Sample use:
    String input = ...
    String clean = new HTMLFilter().filter( input );
The class is not thread safe. Create a new instance if in doubt.
If you find bugs or have suggestions on improvement (especially regarding performance), please contact us. The latest version of this source, and our contact details, can be found at http://xss-html-filter.sf.net
| Constructor and Description |
|---|
| HTMLFilter() Default constructor. |
| HTMLFilter(boolean debug) Set debug flag to true. |
| HTMLFilter(Map<String,Object> conf) Map-parameter configurable constructor. |
| Modifier and Type | Method and Description |
|---|---|
| static String | chr(int decimal) |
| String | filter(String input) Given a user submitted input String, filter out any invalid or restricted html. |
| static String | htmlSpecialChars(String s) |
| boolean | isAlwaysMakeTags() |
| boolean | isStripComments() |
public HTMLFilter()
public HTMLFilter(boolean debug)
debug - turn debug on with a true argument
public static String chr(int decimal)
public String filter(String input)
input - text (i.e. submitted by a user) that may contain html
public boolean isAlwaysMakeTags()
public boolean isStripComments()
Copyright © 2024 江苏南大先腾信息产业股份有限公司. All rights reserved.