org.springframework.extensions.webscripts.ui.common

Class StringUtils

java.lang.Object

org.springframework.extensions.webscripts.ui.common.StringUtils

public class StringUtils
extends Object

Class containing misc helper methods for managing Strings. NOTE: Extracted from org.alfresco.web.ui.common.Utils;

Author:

Kevin Roast

Field Summary

Fields

Modifier and Type	Field and Description
protected static Set<String>	attrBlackList JavaScript event handler attributes starting with "on" are always removed
protected static Set<String>	attrGreyList default list - NOTE: see spring-webscripts-application-context.xml
protected static Map<String,Set<String>>	attrValueBlackList default list - NOTE: see spring-webscripts-application-context.xml
protected static boolean	overrideDocType default value - NOTE: see spring-webscripts-application-context.xml
protected static Set<String>	tagWhiteList default list - NOTE: see spring-webscripts-application-context.xml

Constructor Summary

Constructors

Constructor and Description
StringUtils()

Method Summary

Modifier and Type	Method and Description
static String	cropEncode(String text) Crop a label within a SPAN element, using ellipses '...' at the end of label and and encode the result for HTML output.
static String	cropEncode(String text, int length) Crop a label within a SPAN element, using ellipses '...' at the end of label and and encode the result for HTML output.
static String	encode(String string) Encodes the given string, so that it can be used within an HTML page.
static String	encodeJavascript(String s) Encode a string to the %AB hex style JavaScript compatible notation.
static String	join(Object[] value) Join an array of values into a String value
static String	join(Object[] value, String delim) Join an array of values into a String value using supplied delimiter between each.
static String	remove(String str, String match) Remove all occurances of a String from a String
static String	replace(String str, String repl, String with) Replace one string instance with another within the specified string
static String	replaceLineBreaks(String str, boolean xhtml) Replaces carriage returns and line breaks with the <br> tag.
void	setAttributeBlackList(Set<String> attributes)
void	setAttributeGreyList(Set<String> attributes)
void	setAttributeValueBlackList(Map<String,Set<String>> attrValueBlackList)
void	setOverrideDocType(boolean overrideDocType)
void	setTagWhiteList(Set<String> tags)
static String	stripUnsafeHTMLDocument(String doc, boolean encode) Strip unsafe HTML tags from a string that represent an entire hml doc - only leaves most basic formatting tags and optionally encodes or strips the remaining characters.
static String	stripUnsafeHTMLTags(String s) Strip unsafe HTML tags from a string - only leaves most basic formatting tags and encodes the remaining characters.
static String	stripUnsafeHTMLTags(String s, boolean encode) Strip unsafe HTML tags from a string - only leaves most basic formatting tags and optionally encodes or strips the remaining characters.
static String	stripUnsafeHTMLTags(String s, boolean encode, boolean overrideDocumentType) Strip unsafe HTML tags from a string - only leaves most basic formatting tags and optionally encodes or strips the remaining characters.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

attrBlackList

protected static Set<String> attrBlackList

JavaScript event handler attributes starting with "on" are always removed

attrGreyList

protected static Set<String> attrGreyList

default list - NOTE: see spring-webscripts-application-context.xml

attrValueBlackList

protected static Map<String,Set<String>> attrValueBlackList

default list - NOTE: see spring-webscripts-application-context.xml

tagWhiteList

protected static Set<String> tagWhiteList

default list - NOTE: see spring-webscripts-application-context.xml

overrideDocType

protected static boolean overrideDocType

default value - NOTE: see spring-webscripts-application-context.xml

Constructor Detail

StringUtils

public StringUtils()

Method Detail

setTagWhiteList

public void setTagWhiteList(Set<String> tags)

Parameters:

tags - Set of safe HTML tags

setAttributeGreyList

public void setAttributeGreyList(Set<String> attributes)

Parameters:

attributes - Set of HTML attributes to consider for sanitisation

setAttributeBlackList

public void setAttributeBlackList(Set<String> attributes)

Parameters:

attributes - Set of HTML attributes to be removed

setAttributeValueBlackList

public void setAttributeValueBlackList(Map<String,Set<String>> attrValueBlackList)

Parameters:

attrValueBlackList - Map between HTML tag attributes and set of forbidden values to be removed

setOverrideDocType

public void setOverrideDocType(boolean overrideDocType)

Parameters:

overrideDocType - Decides if legacy html !DOCTYPE instructions shall be transformed to the default mode

encode

public static String encode(String string)

Encodes the given string, so that it can be used within an HTML page.

Parameters:

string - the String to convert

cropEncode

public static String cropEncode(String text)

Crop a label within a SPAN element, using ellipses '...' at the end of label and and encode the result for HTML output. A SPAN will only be generated if the label is beyond the default setting of 32 characters in length.

Parameters:

text - to crop and encode

Returns:

encoded and cropped resulting label HTML

cropEncode

public static String cropEncode(String text,
                                int length)

Crop a label within a SPAN element, using ellipses '...' at the end of label and and encode the result for HTML output. A SPAN will only be generated if the label is beyond the specified number of characters in length.

Parameters:

text - to crop and encode

length - length of string to crop too

Returns:

encoded and cropped resulting label HTML

encodeJavascript

public static String encodeJavascript(String s)

Encode a string to the %AB hex style JavaScript compatible notation. Used to encode a string to a value that can be safely inserted into an HTML page and then decoded (and probably eval()ed) using the unescape() JavaScript method.

Parameters:

s - string to encode

Returns:

%AB hex style encoded string

stripUnsafeHTMLTags

public static String stripUnsafeHTMLTags(String s)

Strip unsafe HTML tags from a string - only leaves most basic formatting tags and encodes the remaining characters.

Parameters:

s - HTML string to strip tags from

Returns:

safe string

stripUnsafeHTMLTags

public static String stripUnsafeHTMLTags(String s,
                                         boolean encode)

Strip unsafe HTML tags from a string - only leaves most basic formatting tags and optionally encodes or strips the remaining characters.

Parameters:

s - HTML string to strip tags from

encode - if true then encode remaining html data

Returns:

safe string

stripUnsafeHTMLDocument

public static String stripUnsafeHTMLDocument(String doc,
                                             boolean encode)

Strip unsafe HTML tags from a string that represent an entire hml doc - only leaves most basic formatting tags and optionally encodes or strips the remaining characters.

Parameters:

doc - HTML string representing an entire hml doc to strip tags from

encode - if true then encode remaining html data

Returns:

safe string

stripUnsafeHTMLTags

public static String stripUnsafeHTMLTags(String s,
                                         boolean encode,
                                         boolean overrideDocumentType)

Strip unsafe HTML tags from a string - only leaves most basic formatting tags and optionally encodes or strips the remaining characters.

Parameters:

s - HTML string to strip tags from

encode - if true then encode remaining html data

overrideDocumentType - if true a doctype enforcing the latest browser rendition mode will used

Returns:

safe string

replace

public static String replace(String str,
                             String repl,
                             String with)

Replace one string instance with another within the specified string

Parameters:

str - String

repl - String

with - String

Returns:

replaced string

remove

public static String remove(String str,
                            String match)

Remove all occurances of a String from a String

Parameters:

str - String to remove occurances from

match - The string to remove

Returns:

new String with occurances of the match removed

replaceLineBreaks

public static String replaceLineBreaks(String str,
                                       boolean xhtml)

Replaces carriage returns and line breaks with the <br> tag.

Parameters:

str - The string to be parsed

Returns:

The string with line breaks removed

join

public static String join(Object[] value)

Join an array of values into a String value

Parameters:

value - non-null array of objects - toString() of each value is used

Returns:

concatenated string value

join

public static String join(Object[] value,
                          String delim)

Join an array of values into a String value using supplied delimiter between each.

Parameters:

value - non-null array of objects - toString() of each value is used

delim - delimiter value to apply between each value - null indicates no delimiter

Returns:

concatenated string value