use of org.htmlparser.Tag in project jforum2 by rafaelsteil.
the class SafeHtml method makeSafe.
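/**
 * Makes user-supplied markup safe to display as HTML.
 * <p>
 * The input is tokenised with the HTML lexer and rebuilt node by node:
 * <ul>
 * <li>text nodes are kept, with any stray angle brackets (and the quotes
 *     that accompany them) turned into character entities;</li>
 * <li>tags accepted by {@link #isTagWelcome(Node)} are kept; that call is
 *     also where their attributes get validated;</li>
 * <li>every other node is emitted with its angle brackets escaped, so it
 *     is rendered as literal text and never interpreted as markup.</li>
 * </ul>
 * The replacement values must be the entities {@code &lt;}, {@code &gt;}
 * and {@code &quot;}. Replacing a character with itself leaves rejected
 * tags intact in the output, which defeats the sanitiser.
 *
 * @param contents the input to analyze; may be {@code null} or empty
 * @return the sanitised string, or {@code contents} itself when it is
 *         {@code null} or empty
 * @throws ForumException if anything fails while lexing or rebuilding the input
 */
public String makeSafe(String contents) {
    if (contents == null || contents.length() == 0) {
        return contents;
    }

    StringBuffer sb = new StringBuffer(contents.length());

    try {
        Lexer lexer = new Lexer(contents);
        Node node;

        while ((node = lexer.nextNode()) != null) {
            boolean isTextNode = node instanceof TextNode;

            if (isTextNode) {
                // Text nodes are raw data: neutralise anything in them that
                // could still be read as markup.
                String text = node.toHtml();

                // NOTE(review): quotes are escaped only when the text also
                // contains an angle bracket, and '&' is never escaped, so
                // entities already present in the input pass through as-is.
                // Confirm both are intended before relying on this output
                // inside an attribute value.
                if (text.indexOf('>') > -1 || text.indexOf('<') > -1) {
                    StringBuffer tmp = new StringBuffer(text);

                    ViewCommon.replaceAll(tmp, "<", "&lt;");
                    ViewCommon.replaceAll(tmp, ">", "&gt;");
                    ViewCommon.replaceAll(tmp, "\"", "&quot;");

                    node.setText(tmp.toString());
                }
            }

            if (isTextNode || (node instanceof Tag && this.isTagWelcome(node))) {
                sb.append(node.toHtml());
            } else {
                // Neither text nor an allowed tag: keep the content visible
                // but inert by escaping its delimiters.
                StringBuffer tmp = new StringBuffer(node.toHtml());

                ViewCommon.replaceAll(tmp, "<", "&lt;");
                ViewCommon.replaceAll(tmp, ">", "&gt;");

                sb.append(tmp.toString());
            }
        }
    } catch (Exception e) {
        throw new ForumException("Error while parsing HTML: " + e, e);
    }

    return sb.toString();
}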
use of org.htmlparser.Tag in project jforum2 by rafaelsteil.
the class SafeHtml method ensureAllAttributesAreSafe.
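/**
 * Walks every HTML tag in the input and validates its attributes.
 * <p>
 * Each tag is passed to {@code checkAndValidateAttributes(tag, false)} and
 * then re-serialised; non-tag nodes are copied through unchanged. This
 * method does not filter the tags themselves. Rejecting disallowed tags is
 * done by {@link #makeSafe(String)}.
 * <p>
 * A {@code null} or empty input is returned as-is, matching
 * {@link #makeSafe(String)}, instead of failing with a
 * {@code NullPointerException} before parsing starts.
 *
 * @param contents the content to verify; may be {@code null} or empty
 * @return the content with its tag attributes validated, or
 *         {@code contents} itself when it is {@code null} or empty
 * @throws ForumException if anything fails while lexing or rebuilding the input
 */
public String ensureAllAttributesAreSafe(String contents) {
    if (contents == null || contents.length() == 0) {
        return contents;
    }

    StringBuffer sb = new StringBuffer(contents.length());

    try {
        Lexer lexer = new Lexer(contents);
        Node node;

        while ((node = lexer.nextNode()) != null) {
            if (node instanceof Tag) {
                Tag tag = (Tag) node;

                // NOTE(review): the meaning of the boolean flag is defined by
                // checkAndValidateAttributes, which is not visible here;
                // makeSafe's path passes true, this one passes false.
                this.checkAndValidateAttributes(tag, false);

                sb.append(tag.toHtml());
            } else {
                sb.append(node.toHtml());
            }
        }
    } catch (Exception e) {
        throw new ForumException("Problems while parsing HTML: " + e, e);
    }

    return sb.toString();
}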
use of org.htmlparser.Tag in project jforum2 by rafaelsteil.
the class SafeHtml method isTagWelcome.
/**
 * Decides whether a tag may be kept in the sanitised output.
 * <p>
 * A tag is accepted only when its name is present in {@code welcomeTags}.
 * Accepted tags are additionally handed to
 * {@code checkAndValidateAttributes(tag, true)} so that their attributes
 * are checked before the caller serialises them.
 *
 * @param node the node to analyze; it is cast to {@link Tag}, so callers
 *        must have established that it is one
 * @return {@code true} if the tag name is on the allow-list,
 *         {@code false} otherwise
 */
private boolean isTagWelcome(Node node) {
    final Tag candidate = (Tag) node;
    final boolean allowed = welcomeTags.contains(candidate.getTagName());

    if (allowed) {
        // Attributes are only inspected for tags that will be emitted.
        this.checkAndValidateAttributes(candidate, true);
    }

    return allowed;
}