
Example 1 with Tag

use of org.htmlparser.Tag in project jforum2 by rafaelsteil.

the class SafeHtml method makeSafe.

/**
 * Given an input, makes it safe for HTML display.
 * Removes any disallowed HTML tag or attribute, as well as
 * unwanted JavaScript statements inside the tags.
 * @param contents the input to analyze
 * @return the modified and safe string
 */
public String makeSafe(String contents) {
    if (contents == null || contents.length() == 0) {
        return contents;
    }
    StringBuffer sb = new StringBuffer(contents.length());
    try {
        Lexer lexer = new Lexer(contents);
        Node node;
        while ((node = lexer.nextNode()) != null) {
            boolean isTextNode = node instanceof TextNode;
            if (isTextNode) {
                // Text nodes are raw data, so we just
                // strip off all possible html content
                String text = node.toHtml();
                if (text.indexOf('>') > -1 || text.indexOf('<') > -1) {
                    StringBuffer tmp = new StringBuffer(text);
                    ViewCommon.replaceAll(tmp, "<", "&lt;");
                    ViewCommon.replaceAll(tmp, ">", "&gt;");
                    ViewCommon.replaceAll(tmp, "\"", "&quot;");
                    node.setText(tmp.toString());
                }
            }
            if (isTextNode || (node instanceof Tag && this.isTagWelcome(node))) {
                sb.append(node.toHtml());
            } else {
                StringBuffer tmp = new StringBuffer(node.toHtml());
                ViewCommon.replaceAll(tmp, "<", "&lt;");
                ViewCommon.replaceAll(tmp, ">", "&gt;");
                sb.append(tmp.toString());
            }
        }
    } catch (Exception e) {
        throw new ForumException("Error while parsing HTML: " + e, e);
    }
    return sb.toString();
}
Also used : Lexer(org.htmlparser.lexer.Lexer) ForumException(net.jforum.exceptions.ForumException) Node(org.htmlparser.Node) TextNode(org.htmlparser.nodes.TextNode) Tag(org.htmlparser.Tag)

Example 2 with Tag

use of org.htmlparser.Tag in project jforum2 by rafaelsteil.

the class SafeHtml method ensureAllAttributesAreSafe.

/**
 * Given an input, analyzes each HTML tag and removes insecure attributes from it.
 * @param contents the content to verify
 * @return the content with insecure attributes removed
 */
public String ensureAllAttributesAreSafe(String contents) {
    StringBuffer sb = new StringBuffer(contents.length());
    try {
        Lexer lexer = new Lexer(contents);
        Node node;
        while ((node = lexer.nextNode()) != null) {
            if (node instanceof Tag) {
                Tag tag = (Tag) node;
                this.checkAndValidateAttributes(tag, false);
                sb.append(tag.toHtml());
            } else {
                sb.append(node.toHtml());
            }
        }
    } catch (Exception e) {
        throw new ForumException("Problems while parsing HTML: " + e, e);
    }
    return sb.toString();
}
Also used : Lexer(org.htmlparser.lexer.Lexer) ForumException(net.jforum.exceptions.ForumException) Node(org.htmlparser.Node) TextNode(org.htmlparser.nodes.TextNode) Tag(org.htmlparser.Tag)

Example 3 with Tag

use of org.htmlparser.Tag in project jforum2 by rafaelsteil.

the class SafeHtml method isTagWelcome.

/**
 * Returns true if a given tag is allowed.
 * Also checks and removes any unwanted attribute the tag may contain.
 * @param node the tag node to analyze
 * @return true if it is a valid tag
 */
private boolean isTagWelcome(Node node) {
    Tag tag = (Tag) node;
    if (!welcomeTags.contains(tag.getTagName())) {
        return false;
    }
    this.checkAndValidateAttributes(tag, true);
    return true;
}
Also used : Tag(org.htmlparser.Tag)

Aggregations

Tag (org.htmlparser.Tag): 3
ForumException (net.jforum.exceptions.ForumException): 2
Node (org.htmlparser.Node): 2
Lexer (org.htmlparser.lexer.Lexer): 2
TextNode (org.htmlparser.nodes.TextNode): 2