Posted to cvs@httpd.apache.org by ma...@hyperreal.org on 2000/02/02 20:16:56 UTC
cvs commit: apache-site/info/css-security encoding_examples.html
marc 00/02/02 11:16:55
Modified: info/css-security encoding_examples.html
Log:
Add info on Java methods, even though it isn't specifically Apache
related.
Revision Changes Path
1.2 +45 -1 apache-site/info/css-security/encoding_examples.html
Index: encoding_examples.html
===================================================================
RCS file: /export/home/cvs/apache-site/info/css-security/encoding_examples.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- encoding_examples.html 2000/02/02 18:02:48 1.1
+++ encoding_examples.html 2000/02/02 19:16:54 1.2
@@ -163,5 +163,49 @@
http://stein.cshl.org/WWW/software/CGI/</A> for more details on what
this module can do.
- </BODY>
+<H2>Java Example:</H2>
+
+Unfortunately, Java does not include a standard method for entity
+encoding data. One possible method, taken from the <A
+HREF="http://www.bitmechanic.com/projects/gsp/">GSP</A> code, is:
+
+<PRE>
+
+public static String escapeValue(String str) {
+ str = replace(str, '&', "&amp;");
+ str = replace(str, '"', "&quot;");
+ str = replace(str, '<', "&lt;");
+ str = replace(str, '>', "&gt;");
+ return str;
+}
+
+public static String replace(String str, char ch, String replace) {
+ int pos = str.indexOf(ch);
+ if(pos == -1) return str;
+ StringBuffer buff = new StringBuffer(str.length() + 32);
+ int start = 0;
+ while(pos != -1 && start < str.length()) {
+ buff.append(str.substring(start, pos));
+ buff.append(replace);
+
+ start = pos + 1;
+ if(start < str.length()) pos = str.indexOf(ch, start);
+ }
+ if(start < str.length()) buff.append(str.substring(start));
+ return buff.toString();
+}
+
+</PRE>
+
+You would use this in a manner such as:
+
+<PRE>
+String Text = "foo<b>bar";
+String URL = "foo<b>bar.html";
+
+System.out.println(escapeValue(Text));
+System.out.println(java.net.URLEncoder.encode(URL));
+</PRE>
+
+</BODY>
</HTML>
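Review bot: The added `escapeValue` sample leaves the single quote unescaped, so a value written into a single-quoted HTML attribute can still close that attribute. Adding `str = replace(str, '\'', "&#39;");` after the `&` replacement would cover it; the `&` replacement must stay first so the entities produced by later calls are not encoded twice. The prose above the sample should also say that this encoding is intended for element content and quoted attribute values, and is not sufficient for data placed inside script blocks, unquoted attributes or URLs. In the usage example, the one-argument `java.net.URLEncoder.encode(URL)` relies on the platform default character encoding, so a sentence noting that the result depends on it (and that the charset should be named explicitly where the API allows) would help readers who copy the snippet.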