public final class HTMLFilter extends Object
HTML filtering utility for protecting against XSS (Cross Site Scripting).
This code is licensed LGPLv3
This code is a Java port of the original work in PHP by Cal Henderson. http://code.iamcal.com/php/lib_filter/
The trickiest part of the translation was handling the differences in regex handling between PHP and Java. These resources were helpful in the process:
http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php
http://www.regular-expressions.info/modifiers.html
A note on naming conventions: instance variables are prefixed with a "v"; global constants are in all caps.
Sample use:

```java
String input = ...
String clean = new HTMLFilter().filter( input );
```
The class is not thread safe. Create a new instance if in doubt.
If you find bugs or have suggestions on improvement (especially regarding performance), please contact us. The latest version of this source, and our contact details, can be found at http://xss-html-filter.sf.net
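
The thread-safety note above in practice, as an added example that is not part of the original HTMLFilter source: each call builds its own `HTMLFilter`, so concurrent request threads never share filter state. The class name `CommentSanitizer`, the method `sanitizeRichText` and the sample inputs are assumptions made for illustration, and `HTMLFilter` is assumed to be on the classpath in the same package.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

// Added example. Assumes HTMLFilter is on the classpath in this package
// (the page does not state its package name).
public class CommentSanitizer {

    // HTMLFilter is documented as not thread safe, so an instance is never
    // stored in a static field or shared between threads: one per call.
    public static String sanitizeRichText(String untrusted) {
        if (untrusted == null) {
            return "";
        }
        return new HTMLFilter().filter(untrusted);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs, not taken from the page.
        List<String> inputs = List.of(
            "<b>hello</b> world",
            "<script>alert(1)</script>plain text",
            "<a href=\"javascript:alert(1)\">link</a>");

        // Simulate concurrent request handling with a small thread pool.
        ExecutorService pool = Executors.newFixedThreadPool(4);
        try {
            List<Future<String>> results = new ArrayList<>();
            for (String in : inputs) {
                Callable<String> task = () -> sanitizeRichText(in);
                results.add(pool.submit(task));
            }
            // Print each input next to what the filter returned for it.
            for (int i = 0; i < inputs.size(); i++) {
                System.out.println(inputs.get(i) + "  ->  " + results.get(i).get());
            }
        } finally {
            pool.shutdown();
        }
    }
}
```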
| Constructor and Description |
|---|
| `HTMLFilter()`<br>Default constructor. |
| `HTMLFilter(boolean debug)`<br>Set debug flag to true. |
| `HTMLFilter(Map<String,Object> conf)`<br>Map-parameter configurable constructor. |
| Modifier and Type | Method and Description |
|---|---|
| `static String` | `chr(int decimal)` |
| `String` | `filter(String input)`<br>Given a user-submitted input String, filter out any invalid or restricted HTML. |
| `static String` | `htmlSpecialChars(String s)` |
| `boolean` | `isAlwaysMakeTags()` |
| `boolean` | `isStripComments()` |
public HTMLFilter()

public HTMLFilter(boolean debug)
debug - turn debug on with a true argument

public static String chr(int decimal)

public String filter(String input)
input - text (i.e. submitted by a user) that may contain html

public boolean isAlwaysMakeTags()

public boolean isStripComments()
Copyright © 2025 江苏南大先腾信息产业股份有限公司. All rights reserved.