List of usage examples for com.google.gwt.safehtml.shared SafeHtmlUtils htmlEscapeAllowEntities
public static String htmlEscapeAllowEntities(String text)
From source file:ch.systemsx.sybit.crkwebui.client.commons.util.ExtendedHtmlSanitizer.java
License:Apache License
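/**
 * Sanitizes a string by escaping every tag that is not on the allow-list.
 *
 * <p>The input is split on {@code '<'}, so each segment after the first is a tag candidate. A
 * candidate is copied through unescaped only when it is an attribute-free start tag, end tag or
 * self-closed tag whose name is contained in {@code ALLOWED_TAGS}. All other text goes through
 * {@link SafeHtmlUtils#htmlEscapeAllowEntities(String)}, which escapes markup characters but does
 * not double-escape entity references already present in the input.
 *
 * <p>The {@code '<'} consumed by the split is re-emitted as the entity {@code &lt;} for rejected
 * candidates. Emitting a raw {@code '<'} there would leave a tag opener in the output, and a
 * browser could then read the escaped remainder as the start of a tag.
 *
 * @param text string to sanitize
 * @return sanitized string
 */
private String simpleSanitize(String text) {
    StringBuilder sanitized = new StringBuilder();
    boolean firstSegment = true;
    for (String segment : text.split("<", -1)) {
        if (firstSegment) {
            // Text before the first '<' can never be part of a tag; the segment is empty when
            // the input starts with '<'.
            firstSegment = false;
            sanitized.append(SafeHtmlUtils.htmlEscapeAllowEntities(segment));
        } else {
            int tagStart = 0; // becomes 1 when the candidate is an end tag
            int tagEnd = segment.indexOf('>');
            String tag = null;
            boolean isValidTag = false;
            boolean isEnclosedTag = false; // true for the self-closed form, e.g. "br/>"

            if (tagEnd > 0) {
                if (segment.charAt(0) == '/') {
                    tagStart = 1;
                } else if (segment.charAt(tagEnd - 1) == '/') {
                    isEnclosedTag = true;
                }

                if (isEnclosedTag) {
                    // Drop the trailing '/' so only the bare name is compared with the allow-list.
                    tag = segment.substring(tagStart, tagEnd - 1);
                } else {
                    tag = segment.substring(tagStart, tagEnd);
                }

                // Exact match only: any attribute or extra whitespace makes the lookup fail,
                // so the candidate is escaped instead of passed through.
                if (ALLOWED_TAGS.contains(tag)) {
                    isValidTag = true;
                }
            }

            if (isValidTag) {
                // Re-emit the allow-listed tag verbatim.
                if (tagStart == 0) {
                    sanitized.append('<');
                } else {
                    sanitized.append("</");
                }
                sanitized.append(tag);
                if (isEnclosedTag) {
                    sanitized.append('/');
                }
                sanitized.append('>');

                // The text following the tag is still untrusted.
                sanitized.append(SafeHtmlUtils.htmlEscapeAllowEntities(segment.substring(tagEnd + 1)));
            } else {
                // Rejected candidate: escape the consumed '<' as well as the segment itself.
                sanitized.append("&lt;").append(SafeHtmlUtils.htmlEscapeAllowEntities(segment));
            }
        }
    }
    return sanitized.toString();
}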
From source file:com.dianaui.universal.core.client.ui.base.helper.SourceCodeHelper.java
License:Apache License
/**
 * Formats source code for display. The literal two-character sequence "\n" is replaced by a
 * {@code <br>} element and the literal sequence "\s" is replaced by a whitespace.
 *
 * <p>Every line is HTML-escaped before it is added to the result; the only markup this method
 * itself contributes is the {@code <br>} constant.
 *
 * @param code Unformatted source code
 * @return Formatted source code in HTML for use in {@link com.dianaui.universal.core.client.ui.Pre} or {@link com.dianaui.universal.core.client.ui.Code}
 */
public static SafeHtml parseCode(final String code) {
    final String withSpaces = code.replaceAll("\\\\s", " ");
    final SafeHtmlBuilder html = new SafeHtmlBuilder();

    for (final String line : withSpaces.split("\\\\n\\s?")) {
        final String escaped = SafeHtmlUtils.htmlEscapeAllowEntities(line);
        // fromTrustedString performs no escaping of its own; it is acceptable here only because
        // the value was escaped on the line above. Keep the two calls together.
        html.append(SafeHtmlUtils.fromTrustedString(escaped));
        html.appendHtmlConstant("<br>");
    }

    return html.toSafeHtml();
}
From source file:com.github.gwtbootstrap.client.ui.Code.java
License:Apache License
/**
 * Sets the widget's text.
 * <p>
 * Despite the method name, the argument is treated as text: it is HTML-escaped before it is
 * assigned to the element's inner HTML, so markup in it is displayed rather than interpreted.
 * Entity references already present in the argument are left as they are.
 *
 * @param html
 *            the text to be set
 */
public void setHTML(String html) {
    final String escapedText = SafeHtmlUtils.htmlEscapeAllowEntities(html);
    getElement().setInnerHTML(escapedText);
}
From source file:com.sencha.gxt.core.shared.ExpandedHtmlSanitizer.java
License:sencha.com license
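/**
 * Escapes everything in {@code text} except attribute-free start and end tags whose name is
 * contained in {@code TAG_WHITELIST}.
 *
 * <p>Text is escaped with {@link SafeHtmlUtils#htmlEscapeAllowEntities(String)}, which does not
 * double-escape entity references already present in the input.
 *
 * <p>The {@code '<'} consumed by the split is re-emitted as the entity {@code &lt;} for rejected
 * candidates. A raw {@code '<'} at that point would leave a tag opener in the sanitized output.
 *
 * @param text the untrusted string to sanitize
 * @return the sanitized string
 */
private static String simpleSanitize(String text) {
    StringBuilder sanitized = new StringBuilder();

    boolean firstSegment = true;
    for (String segment : text.split("<", -1)) {
        if (firstSegment) {
            /*
             * the first segment is never part of a valid tag; note that if the
             * input string starts with a tag, we will get an empty segment at the
             * beginning.
             */
            firstSegment = false;
            sanitized.append(SafeHtmlUtils.htmlEscapeAllowEntities(segment));
            continue;
        }

        /*
         * determine if the current segment is the start of an attribute-free tag
         * or end-tag in our whitelist
         */
        int tagStart = 0; // will be 1 if this turns out to be an end tag.
        int tagEnd = segment.indexOf('>');
        String tag = null;
        boolean isValidTag = false;
        if (tagEnd > 0) {
            if (segment.charAt(0) == '/') {
                tagStart = 1;
            }
            tag = segment.substring(tagStart, tagEnd);
            // Exact match only, so a tag carrying any attribute is rejected.
            if (TAG_WHITELIST.contains(tag)) {
                isValidTag = true;
            }
        }

        if (isValidTag) {
            // append the tag, not escaping it
            if (tagStart == 0) {
                sanitized.append('<');
            } else {
                // we had seen an end-tag
                sanitized.append("</");
            }
            sanitized.append(tag).append('>');

            // append the rest of the segment, escaping it
            sanitized.append(SafeHtmlUtils.htmlEscapeAllowEntities(segment.substring(tagEnd + 1)));
        } else {
            // escape the whole segment, including the '<' that the split consumed
            sanitized.append("&lt;").append(SafeHtmlUtils.htmlEscapeAllowEntities(segment));
        }
    }
    return sanitized.toString();
}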
From source file:cz.cas.lib.proarc.webapp.client.widget.PageMetadataEditor.java
License:Open Source License
/**
 * Builds a preview of up to three generated values (prefix + next sequence item + suffix,
 * separated by ", " and followed by "...") and shows it as both the value and the prompt of
 * {@code numberExample}.
 *
 * <p>The preview is HTML-escaped before it is handed to the widget, because the prefix and
 * suffix are copied into it unchanged.
 */
private void setPreview() {
    final String prefix = getPrefix();
    final String suffix = getSuffix();
    final Iterator<String> numbers = getSequence();

    final StringBuilder preview = new StringBuilder();
    int remaining = 3;
    while (remaining-- > 0) {
        if (prefix != null) {
            preview.append(prefix);
        }
        if (numbers != null) {
            // NOTE(review): next() is called without hasNext(); assumes the sequence yields at
            // least three items - confirm against getSequence().
            preview.append(numbers.next());
        }
        if (suffix != null) {
            preview.append(suffix);
        }
        if (preview.length() == 0) {
            // Nothing was configured, so there is nothing to preview.
            break;
        }
        preview.append(", ");
    }

    if (preview.length() > 0) {
        preview.append("...");
    }

    final String escapedPreview = SafeHtmlUtils.htmlEscapeAllowEntities(preview.toString());
    numberExample.setValue(escapedPreview);
    numberExample.setPrompt(escapedPreview);
}
From source file:de.zalanod.security.sanitizer.SimpleHtmlSanitizerCopy.java
License:Apache License
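/**
 * Sanitizes {@code text} so that only tags accepted by the white list, with attributes that
 * pass the attribute check, are copied through. Everything else is escaped.
 *
 * <p>The validity of a tag candidate is decided afresh for every segment. A candidate for which
 * no tag can be extracted, or an end tag that arrives while no start tag is open, is therefore
 * treated as invalid and escaped. It does not inherit the verdict reached for the previous
 * segment.
 *
 * @param text the untrusted string to sanitize
 * @return the sanitized string
 */
private String simpleSanitize(final String text) {
    final StringBuilder sanitized = new StringBuilder(text.length());

    boolean firstSegment = true;
    final StringBuilder builderForSanitizedAttrSegment = new StringBuilder();
    // Start tags that were emitted and still await their end tag, innermost last.
    final ArrayList<String> validTagStack = Lists.newArrayList();

    for (String segment : text.split("<", -1)) {
        if (firstSegment) {
            /*
             * the first segment is never part of a valid tag; note that if the
             * input string starts with a tag, we will get an empty segment at the
             * beginning.
             */
            firstSegment = false;
            sanitized.append(SafeHtmlUtils.htmlEscapeAllowEntities(segment));
            continue;
        }

        // Fail closed: a segment is invalid until the checks below say otherwise.
        boolean isValidTag = false;

        /*
         * determine if the current segment is the start of an attribute-free tag
         * or end-tag in our white list
         */
        final String tag = extractTag(segment);
        if (tag != null) {
            if (isEndTag(segment)) {
                if (!validTagStack.isEmpty()) {
                    // An end tag is accepted only when it closes the innermost open tag; the
                    // stack entry is consumed whether or not it matched.
                    isValidTag = validTagStack.get(validTagStack.size() - 1).equals(tag);
                    validTagStack.remove(validTagStack.size() - 1);
                }
            } else {
                isValidTag = isTagDefinedInWhiteList(tag);
                if (isValidTag) {
                    final String actualTag = extractActualTag(tag);
                    final String attributeSegment = extractAttributeSegment(tag);
                    isValidTag = checkIfAttributesAreInWhiteListAndSanitizeValues(
                            builderForSanitizedAttrSegment, actualTag, attributeSegment);
                }
            }
        }

        if (isValidTag) {
            final String actualTag = extractActualTag(tag);
            closeValidTag(segment, actualTag, builderForSanitizedAttrSegment, sanitized);
            if (!isEndTag(segment) && hasEndTag(segment)) {
                validTagStack.add(actualTag);
            }
        } else {
            closeInvalidTag(segment, sanitized);
        }

        // The attribute buffer is shared across iterations; clear it for the next segment.
        builderForSanitizedAttrSegment.setLength(0);
    }
    return sanitized.toString();
}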
From source file:de.zalanod.security.sanitizer.SimpleHtmlSanitizerCopy.java
License:Apache License
/**
 * Writes an accepted tag to {@code sanitized} without escaping it, followed by the escaped text
 * that trails the tag in {@code segment}.
 *
 * @param segment the input segment the tag was taken from
 * @param tag the tag name to emit
 * @param builderForSanitizedAttrSegment attribute text to emit after the name; nothing is
 *        emitted for it when it is empty
 * @param sanitized the output buffer
 */
private void closeValidTag(final String segment, final String tag,
        final StringBuilder builderForSanitizedAttrSegment, final StringBuilder sanitized) {
    // Tag opener and name go out verbatim; callers must pass only names they have validated.
    sanitized.append(isEndTag(segment) ? "</" : "<").append(tag);

    if (builderForSanitizedAttrSegment.length() != 0) {
        // due to http://code.google.com/p/google-web-toolkit/issues/detail?id=4097 the explicit
        // .toString() is required here. might be fixed for newer gwt versions. causes troubles
        // only in debug mode
        final String attributes = builderForSanitizedAttrSegment.toString();
        sanitized.append(' ').append(attributes);
    }

    sanitized.append(hasEndTag(segment) ? ">" : "/>");

    // Everything after the first '>' is ordinary text and is still untrusted.
    final int textStart = segment.indexOf('>') + 1;
    sanitized.append(SafeHtmlUtils.htmlEscapeAllowEntities(segment.substring(textStart)));
}
From source file:de.zalanod.security.sanitizer.SimpleHtmlSanitizerCopy.java
License:Apache License
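/**
 * Writes a rejected tag candidate to {@code sanitized} in fully escaped form.
 *
 * <p>The leading {@code '<'} was consumed when the input was split, so it is re-emitted here as
 * the entity {@code &lt;}. A raw {@code '<'} would put a tag opener back into the output that is
 * meant to be safe.
 *
 * @param segment the rejected input segment, without its leading {@code '<'}
 * @param sanitized the output buffer
 */
private void closeInvalidTag(final String segment, final StringBuilder sanitized) {
    // escape the whole segment, including the '<' that preceded it
    sanitized.append("&lt;").append(SafeHtmlUtils.htmlEscapeAllowEntities(segment));
}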
From source file:gwt.material.design.client.base.helper.CodeHelper.java
License:Apache License
/**
 * Formats source code for display: the literal sequence "\s" becomes a space and the input is
 * broken at each literal "\n" (plus one optional whitespace character), with a {@code <br>}
 * element appended after every resulting line.
 *
 * <p>Every line is HTML-escaped before it is added to the result.
 *
 * @param code unformatted source code
 * @return the formatted code as HTML
 */
public static SafeHtml parseCode(String code) {
    SafeHtmlBuilder html = new SafeHtmlBuilder();
    String[] lines = code.replaceAll("\\\\s", " ").split("\\\\n\\s?");

    for (String line : lines) {
        String escaped = SafeHtmlUtils.htmlEscapeAllowEntities(line);
        // fromTrustedString performs no escaping of its own; it is acceptable here only because
        // the value was escaped on the line above.
        html.append(SafeHtmlUtils.fromTrustedString(escaped));
        html.appendHtmlConstant("<br>");
    }

    return html.toSafeHtml();
}
From source file:org.cee.webreader.client.util.ContentHtmlSanitizer.java
License:Apache License
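/**
 * Sanitizes {@code html}. Tags whose lower-cased name is in {@code TAG_WHITELIST} are kept and
 * their attributes are filtered through {@code appendAttributes} against a per-tag list. Any
 * other tag is either escaped or dropped, depending on {@code escapeIllegalTags}.
 *
 * <p>All text outside kept tags is passed through
 * {@link SafeHtmlUtils#htmlEscapeAllowEntities(String)} in both modes, so the escaping of text
 * does not depend on which branch handled the preceding tag. For an escaped tag, the
 * {@code '<'} consumed by the split is re-emitted as the entity {@code &lt;}, never as a raw
 * character.
 *
 * @param html the untrusted markup to sanitize
 * @return the sanitized markup
 */
@Override
public SafeHtml sanitize(String html) {
    StringBuilder sanitized = new StringBuilder();

    boolean firstSegment = true;
    for (String segment : html.split("<", -1)) {
        if (firstSegment) {
            // Text before the first '<' can never be part of a tag.
            firstSegment = false;
            sanitized.append(SafeHtmlUtils.htmlEscapeAllowEntities(segment));
            continue;
        }

        int tagStart = 0; // will be 1 if this turns out to be an end tag.
        int tagEnd = segment.indexOf('>');
        String tag = null;
        String tagName = null;
        String tagAttributes = null;
        boolean isValidTag = false;
        if (tagEnd > 0) {
            if (segment.charAt(0) == '/') {
                tagStart = 1;
            }
            tag = segment.substring(tagStart, tagEnd);

            // find tag name: it ends at the first space or '/', or at the end of the tag
            int index = 0;
            int tagLength = tag.length();
            while (index <= tagLength) {
                if (index == tagLength || tag.charAt(index) == ' ' || tag.charAt(index) == '/') {
                    tagName = tag.substring(0, index).toLowerCase();
                    break;
                }
                index++;
            }
            if (tagName != null && TAG_WHITELIST.contains(tagName)) {
                isValidTag = true;
                tagAttributes = tag.substring(index, tag.length());
            }
        }

        if (isValidTag) {
            // append the tag, not escaping it
            if (tagStart == 0) {
                sanitized.append('<').append(tagName);
                String[] validAttributes = null;
                if (tagName.equalsIgnoreCase("A")) {
                    validAttributes = A_ATTRIBUTES;
                } else if (tagName.equalsIgnoreCase("IMG")) {
                    validAttributes = IMG_ATTRIBUTES;
                } else {
                    validAttributes = DEFAULT_ATTRIBUTES;
                }
                // Attribute text is never copied here directly; appendAttributes decides what
                // is written, given the list allowed for this tag.
                appendAttributes(sanitized, tagAttributes, Arrays.asList(validAttributes));
            } else {
                // we had seen an end-tag; any attribute text on it is discarded
                sanitized.append("</").append(tagName);
            }
            sanitized.append('>').append(SafeHtmlUtils.htmlEscapeAllowEntities(segment.substring(tagEnd + 1)));
        } else {
            if (escapeIllegalTags) {
                // escape the whole segment, including the '<' that the split consumed
                sanitized.append("&lt;").append(SafeHtmlUtils.htmlEscapeAllowEntities(segment));
            } else {
                // Drop the tag but keep the text after it, escaped in the same way as the text
                // that follows an accepted tag.
                sanitized.append(SafeHtmlUtils.htmlEscapeAllowEntities(segment.substring(tagEnd + 1)));
            }
        }
    }
    return new SafeContentString(sanitized.toString());
}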