marc 00/02/02 11:16:55
Modified: info/css-security encoding_examples.html Log: Add info on Java methods, even though it isn't specifically Apache related. Revision Changes Path 1.2 +45 -1 apache-site/info/css-security/encoding_examples.html
Index: encoding_examples.html
===================================================================
RCS file: /export/home/cvs/apache-site/info/css-security/encoding_examples.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- encoding_examples.html 2000/02/02 18:02:48 1.1
+++ encoding_examples.html 2000/02/02 19:16:54 1.2
@@ -163,5 +163,49 @@
 http://stein.cshl.org/WWW/software/CGI/</A> for more details on what this module can do.
- </BODY>
+<H2>Java Example:</H2>
+
+Unfortunately, Java does not include a standard method for entity
+encoding data. One possible method, taken from the <A
+HREF="http://www.bitmechanic.com/projects/gsp/">GSP</A> code, is:
+
+<PRE>
+
+public static String escapeValue(String str) {
+ str = replace(str, '&', "&amp;");
+ str = replace(str, '"', "&quot;");
+ str = replace(str, '<', "&lt;");
+ str = replace(str, '>', "&gt;");
+ return str;
+}
+
+public static String replace(String str, char ch, String replace) {
+ int pos = str.indexOf(ch);
+ if(pos == -1) return str;
+ StringBuffer buff = new StringBuffer(str.length() + 32);
+ int start = 0;
+ while(pos != -1 && start < str.length()) {
+ buff.append(str.substring(start, pos));
+ buff.append(replace);
+
+ start = pos + 1;
+ if(start < str.length()) pos = str.indexOf(ch, start);
+ }
+ if(start < str.length()) buff.append(str.substring(start));
+ return buff.toString();
+}
+
+</PRE>
+
+You would use this in a manner such as:
+
+<PRE>
+String Text = "foo<b>bar";
+String URL = "foo<b>bar.html";
+
+System.out.println(escapeValue(Text));
+System.out.println(java.net.URLEncoder.encode(URL));
+</PRE>
+
+</BODY>
 </HTML>
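Review bot: escapeValue() in the added Java listing encodes `&`, `"`, `<` and `>` but leaves the apostrophe untouched, so a value written into a single-quoted attribute is not safely contained; adding `str = replace(str, '\'', "&#39;");` after the `&` replacement closes that gap. The text around the listing should also state that this encoding is meant for HTML text and quoted attribute values only, and is not sufficient inside script blocks, style blocks or unquoted attributes. In the usage example, `java.net.URLEncoder.encode(URL)` is applied to a whole file name and relies on the platform default character set; a sentence saying it should be applied per URL component, and that later JDKs deprecate this overload in favour of `URLEncoder.encode(s, "UTF-8")`, would help readers who copy it. Both methods also throw a NullPointerException on a null argument, which the page could mention or guard with `if (str == null) return null;`.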