com.liferay.portal.util

Class HtmlImpl

java.lang.Object

com.liferay.portal.util.HtmlImpl

All Implemented Interfaces:

com.liferay.portal.kernel.util.Html

public class HtmlImpl
extends java.lang.Object
implements com.liferay.portal.kernel.util.Html

Provides the implementation of the HTML utility interface for escaping, replacing, and stripping HTML text. This class uses XSS recommendations from http://www.owasp.org/index.php/Cross_Site_Scripting#How_to_Protect_Yourself when escaping HTML text.

Author:

Brian Wing Shun Chan, Clarence Shen, Harry Mark, Samuel Kong, Connor McKay, Shuyang Zhou

Constructor Summary

Constructors

Constructor and Description
HtmlImpl()

Method Summary

Modifier and Type	Method and Description
java.lang.String	buildData(java.util.Map<java.lang.String,java.lang.Object> data) Generates a string with the data-* attributes generated from the keys and values of a map.
java.lang.String	escape(java.lang.String text) Escapes the text so that it is safe to use in an HTML context.
java.lang.String	escapeAttribute(java.lang.String attribute) Escapes the attribute value so that it is safe to use within a quoted attribute.
java.lang.String	escapeCSS(java.lang.String css) Escapes the CSS value so that it is safe to use in a CSS context.
java.lang.String	escapeHREF(java.lang.String href) Escapes the HREF attribute so that it is safe to use as an HREF attribute.
java.lang.String	escapeJS(java.lang.String js) Escapes the JavaScript value so that it is safe to use in a JavaScript context.
java.lang.String	escapeJSLink(java.lang.String link)
java.lang.String	escapeURL(java.lang.String url) Escapes the URL value so that it is safe to use as a URL.
java.lang.String	escapeXPath(java.lang.String xPath)
java.lang.String	escapeXPathAttribute(java.lang.String xPathAttribute)
java.lang.String	fromInputSafe(java.lang.String text)
java.lang.String	getAUICompatibleId(java.lang.String text)
protected boolean	isTag(char[] tag, java.lang.String text, int pos)
java.lang.String	replaceNewLine(java.lang.String html) Replaces all new lines or carriage returns with the HTML tag.
java.lang.String	stripBetween(java.lang.String text, java.lang.String tag) Strips all content delimited by the tag out of the text.
java.lang.String	stripComments(java.lang.String text) Strips all XML comments out of the text.
java.lang.String	stripHtml(java.lang.String text)
protected int	stripTag(char[] tag, java.lang.String text, int pos)
java.lang.String	toInputSafe(java.lang.String text) Encodes the text so that it's safe to use as an HTML input field value.
java.lang.String	unescape(java.lang.String text)
java.lang.String	unescapeCDATA(java.lang.String text)
java.lang.String	wordBreak(java.lang.String text, int columns)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HtmlImpl

public HtmlImpl()

Method Detail

buildData

public java.lang.String buildData(java.util.Map<java.lang.String,java.lang.Object> data)

Generates a string with the data-* attributes generated from the keys and values of a map. For example, a map containing {key1=value1;key2=value2} is returned as the string data-key1=value1 data-key2=value2.

Specified by:

buildData in interface com.liferay.portal.kernel.util.Html

Parameters:

data - the map of values to convert to data-* attributes

Returns:

a string with the data attributes, or null if the map is null

escape

public java.lang.String escape(java.lang.String text)

Escapes the text so that it is safe to use in an HTML context.

Specified by:

escape in interface com.liferay.portal.kernel.util.Html

Parameters:

text - the text to escape

Returns:

the escaped HTML text, or null if the text is null

escapeAttribute

public java.lang.String escapeAttribute(java.lang.String attribute)

Escapes the attribute value so that it is safe to use within a quoted attribute.

Specified by:

escapeAttribute in interface com.liferay.portal.kernel.util.Html

Parameters:

attribute - the attribute to escape

Returns:

the escaped attribute value, or null if the attribute value is null

escapeCSS

public java.lang.String escapeCSS(java.lang.String css)

Escapes the CSS value so that it is safe to use in a CSS context.

Specified by:

escapeCSS in interface com.liferay.portal.kernel.util.Html

Parameters:

css - the CSS value to escape

Returns:

the escaped CSS value, or null if the CSS value is null

escapeHREF

public java.lang.String escapeHREF(java.lang.String href)

Escapes the HREF attribute so that it is safe to use as an HREF attribute.

Specified by:

escapeHREF in interface com.liferay.portal.kernel.util.Html

Parameters:

href - the HREF attribute to escape

Returns:

the escaped HREF attribute, or null if the HREF attribute is null

escapeJS

public java.lang.String escapeJS(java.lang.String js)

Escapes the JavaScript value so that it is safe to use in a JavaScript context.

Specified by:

escapeJS in interface com.liferay.portal.kernel.util.Html

Parameters:

js - the JavaScript value to escape

Returns:

the escaped JavaScript value, or null if the JavaScript value is null

escapeJSLink

public java.lang.String escapeJSLink(java.lang.String link)

Specified by:

escapeJSLink in interface com.liferay.portal.kernel.util.Html

escapeURL

public java.lang.String escapeURL(java.lang.String url)

Escapes the URL value so that it is safe to use as a URL.

Specified by:

escapeURL in interface com.liferay.portal.kernel.util.Html

Parameters:

url - the URL value to escape

Returns:

the escaped URL value, or null if the URL value is null

escapeXPath

public java.lang.String escapeXPath(java.lang.String xPath)

Specified by:

escapeXPath in interface com.liferay.portal.kernel.util.Html

escapeXPathAttribute

public java.lang.String escapeXPathAttribute(java.lang.String xPathAttribute)

Specified by:

escapeXPathAttribute in interface com.liferay.portal.kernel.util.Html

fromInputSafe

public java.lang.String fromInputSafe(java.lang.String text)

Specified by:

fromInputSafe in interface com.liferay.portal.kernel.util.Html

getAUICompatibleId

public java.lang.String getAUICompatibleId(java.lang.String text)

Specified by:

getAUICompatibleId in interface com.liferay.portal.kernel.util.Html

replaceNewLine

public java.lang.String replaceNewLine(java.lang.String html)

Replaces all new lines or carriage returns with the
HTML tag.

Specified by:

replaceNewLine in interface com.liferay.portal.kernel.util.Html

Parameters:

html - the text

Returns:

the converted text, or null if the text is null

stripBetween

public java.lang.String stripBetween(java.lang.String text,
                                     java.lang.String tag)

Strips all content delimited by the tag out of the text.

If the tag appears multiple times, all occurrences (including the tag) are stripped. The tag may have attributes. In order for this method to recognize the tag, it must consist of a separate opening and closing tag. Self-closing tags remain in the result.

Specified by:

stripBetween in interface com.liferay.portal.kernel.util.Html

Parameters:

text - the text

tag - the tag used for delimiting, which should only be the tag's name (e.g. no <)

Returns:

the text, without the stripped tag and its contents, or null if the text is null

stripComments

public java.lang.String stripComments(java.lang.String text)

Strips all XML comments out of the text.

Specified by:

stripComments in interface com.liferay.portal.kernel.util.Html

Parameters:

text - the text

Returns:

the text, without the stripped XML comments, or null if the text is null

stripHtml

public java.lang.String stripHtml(java.lang.String text)

Specified by:

stripHtml in interface com.liferay.portal.kernel.util.Html

toInputSafe

public java.lang.String toInputSafe(java.lang.String text)

Encodes the text so that it's safe to use as an HTML input field value.

For example, the & character is replaced by &.

Specified by:

toInputSafe in interface com.liferay.portal.kernel.util.Html

Parameters:

text - the text

Returns:

the encoded text that is safe to use as an HTML input field value, or null if the text is null

unescape

public java.lang.String unescape(java.lang.String text)

Specified by:

unescape in interface com.liferay.portal.kernel.util.Html

unescapeCDATA

public java.lang.String unescapeCDATA(java.lang.String text)

Specified by:

unescapeCDATA in interface com.liferay.portal.kernel.util.Html

wordBreak

public java.lang.String wordBreak(java.lang.String text,
                                  int columns)

Specified by:

wordBreak in interface com.liferay.portal.kernel.util.Html

isTag

protected boolean isTag(char[] tag,
                        java.lang.String text,
                        int pos)

stripTag

protected int stripTag(char[] tag,
                       java.lang.String text,
                       int pos)