Posted to cvs@httpd.apache.org by ma...@hyperreal.org on 2000/02/02 20:16:56 UTC

cvs commit: apache-site/info/css-security encoding_examples.html

marc        00/02/02 11:16:55

  Modified:    info/css-security encoding_examples.html
  Log:
  Add info on Java methods, even though it isn't specifically Apache
  related.
  
  Revision  Changes    Path
  1.2       +45 -1     apache-site/info/css-security/encoding_examples.html
  
  Index: encoding_examples.html
  ===================================================================
  RCS file: /export/home/cvs/apache-site/info/css-security/encoding_examples.html,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- encoding_examples.html	2000/02/02 18:02:48	1.1
  +++ encoding_examples.html	2000/02/02 19:16:54	1.2
  @@ -163,5 +163,49 @@
   http://stein.cshl.org/WWW/software/CGI/</A> for more details on what
   this module can do.
   
  - </BODY>
  +<H2>Java Example:</H2>
  +
  +Unfortunately, Java does not include a standard method for entity
  +encoding data.  One possible method, taken from the <A
  +HREF="http://www.bitmechanic.com/projects/gsp/">GSP</A> code, is:
  +
  +<PRE>
  +
  +public static String escapeValue(String str) {  
  +    str = replace(str, '&amp;', "&amp;amp;");
  +    str = replace(str, '"', "&amp;quot;");
  +    str = replace(str, '&lt;', "&amp;lt;");
  +    str = replace(str, '&gt;', "&amp;gt;");
  +    return str;
  +}   
  +
  +public static String replace(String str, char ch, String replace) {  
  +    int pos = str.indexOf(ch);
  +    if(pos == -1) return str;
  +    StringBuffer buff = new StringBuffer(str.length() + 32);
  +    int start = 0;
  +    while(pos != -1 &amp;&amp; start &lt; str.length()) {
  +        buff.append(str.substring(start, pos));
  +        buff.append(replace);
  +
  +        start = pos + 1;
  +        if(start &lt; str.length()) pos = str.indexOf(ch, start);
  +    }   
  +    if(start &lt; str.length()) buff.append(str.substring(start));
  +    return buff.toString();
  +}   
  +
  +</PRE>
  +
  +You would use this in a manner such as:
  + 
  +<PRE>
  +String Text = "foo&lt;b&gt;bar";  
  +String URL = "foo&lt;b&gt;bar.html";  
  +    
  +System.out.println(escapeValue(Text));
  +System.out.println(java.net.URLEncoder.encode(URL));
  +</PRE>
  +
  +</BODY>
   </HTML>
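Review bot: `escapeValue` in the added Java example encodes `&`, `"`, `<` and `>` but leaves the single quote alone, so its output is safe only in element content and double-quoted attribute values; a value written into a single-quoted or unquoted attribute is not neutralised. Either add one more call after the `"` line, `str = replace(str, '\'', "&amp;#39;");` (as written in the page's HTML source), or say in the paragraph before the `<PRE>` that the result must only be placed in element content or inside double-quoted attributes. The usage example would also read better with a sentence explaining that `escapeValue` is for text emitted into HTML while `java.net.URLEncoder.encode` is for data placed inside a URL, since the two are not interchangeable.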