下面列出了org.apache.commons.lang3.StringEscapeUtils#escapeHtml4 ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Copies an optional, request-supplied message into the Struts global messages.
 *
 * <p>Reads the {@code message} parameter as the resource key and {@code messagep1},
 * {@code messagep2} and {@code messagep3} as its arguments. Each argument is HTML-escaped
 * before it is stored, because it comes straight from the request. Nothing is saved when
 * {@code message} is absent.</p>
 *
 * @param req request that supplies the parameters and receives the saved messages
 */
private void addParameterizedMessages(HttpServletRequest req) {
    String messageKey = req.getParameter("message");
    if (messageKey == null) {
        return;
    }

    // NOTE(review): the resource key itself is request-controlled and is not restricted
    // here; confirm that letting a caller pick any message key is acceptable.
    // escapeHtml4(null) yields null, so a missing parameter stays null in the array.
    Object[] escapedArgs = {
        StringEscapeUtils.escapeHtml4(req.getParameter("messagep1")),
        StringEscapeUtils.escapeHtml4(req.getParameter("messagep2")),
        StringEscapeUtils.escapeHtml4(req.getParameter("messagep3"))
    };

    ActionMessages messages = new ActionMessages();
    messages.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(messageKey, escapedArgs));
    StrutsDelegate.getInstance().saveMessages(req, messages);
}
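/**
 * Formats a revision for display in the page.
 *
 * <p>If exactly one {@code DefinitionRevisionDisplayFormatter} bean is registered, its output
 * is returned as-is. With no such bean, or when the lookup or formatting fails, the default
 * text {@code author @ date (revision)} is returned HTML-escaped.</p>
 *
 * @param revision the revision to describe
 * @return display text for the revision; every fallback path is HTML-escaped
 */
public String formatRevisionDisplay(final Revision revision) {
    final String defaultFormattedRevision = revision.getAuthor() + " @ " + revision.getDate() + " (" + revision.getRevision() + ")";
    // Escape once so the "no bean" path and the error path emit the same HTML-safe text.
    // Previously the catch branch returned the raw author/date/revision string.
    final String escapedDefault = StringEscapeUtils.escapeHtml4(defaultFormattedRevision);
    final ServletContext servletContext = pageContext.getServletContext();
    final WebApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
    try {
        final Map<String, DefinitionRevisionDisplayFormatter> formatterBeans = BeanFactoryUtils.beansOfTypeIncludingAncestors(context,DefinitionRevisionDisplayFormatter.class);

        if (formatterBeans.isEmpty()) {
            //No bean found, which is acceptable.
            return escapedDefault;
        } else if (formatterBeans.size() == 1) {
            final DefinitionRevisionDisplayFormatter formatter = formatterBeans.values().iterator().next();
            // NOTE(review): the formatter's result is returned without escaping, presumably
            // because it may contain markup; confirm the implementation encodes the
            // revision fields it embeds.
            return formatter.formatRevision(revision);
        } else {
            // Thrown inside the try, so it is logged below and the escaped default is used.
            throw new IllegalArgumentException("Multiple beans of type " + DefinitionRevisionDisplayFormatter.class.getSimpleName() + " found, expected 0 or 1.");
        }
    } catch (final Exception e) {
        LOGGER.error("An error occurred when retrieving revision url.", e);
        return escapedDefault;
    }
}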
/**
 * Saves a global success message with a single, HTML-escaped argument.
 *
 * @param req request the message is saved on
 * @param msgKey resource key of the message
 * @param param1 value for the message's first placeholder; escaped before use
 */
protected void createSuccessMessage(HttpServletRequest req, String msgKey,
        String param1) {
    // The argument is encoded here, so the message template must not escape it a second time.
    Object[] escapedArgs = {StringEscapeUtils.escapeHtml4(param1)};
    ActionMessages messages = new ActionMessages();
    messages.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(msgKey, escapedArgs));
    StrutsDelegate.getInstance().saveMessages(req, messages);
}
/**
 * Tests getRelatedObjectDescription(): the description must contain a details link whose
 * text is the HTML-escaped advisory of the action's first erratum.
 * @throws Exception if something bad happens
 */
public void testGetRelatedObjectDescription() throws Exception {
    ErrataAction errataAction = (ErrataAction) ActionFactoryTest.createAction(user,
            ActionFactory.TYPE_ERRATA);
    ErrataActionFormatter underTest = new ErrataActionFormatter(errataAction);
    Errata firstErrata = errataAction.getErrata().iterator().next();

    // The advisory is escaped in the expectation, so the test pins the encoding of the
    // link text as well as the link target.
    String linkOpen = "<a href=\"/rhn/errata/details/Details.do?eid=" +
            firstErrata.getId().toString() + "\">";
    String expectedLink = linkOpen +
            StringEscapeUtils.escapeHtml4(firstErrata.getAdvisory()) + "</a>";

    String actual = underTest.getRelatedObjectDescription();
    assertTrue(actual.contains(expectedLink));
}
/**
 * Appends a line of text to the HTML buffer, followed by a line break.
 *
 * <p>The text is HTML-escaped first and only then are its newlines turned into
 * {@code <br />}, so the inserted tags are the only markup that reaches the buffer.
 * A {@code null} text is ignored.</p>
 *
 * @param text plain text to append, may be null
 */
@Override
protected void say(String text) {
    if (text != null) {
        // Order matters: escaping after the replace would also encode the <br /> tags.
        String encoded = StringEscapeUtils.escapeHtml4(text);
        String htmlLine = encoded.replace("\n", "<br />");
        sb.append(htmlLine);
        sb.append("<br />");
    }
}
/**
 * Saves the outcome of scheduling a config diff on the request.
 *
 * <p>With a non-null action, a success message is saved whose arguments are the action's
 * details URL and the formatted number of server actions, both HTML-escaped. With a null
 * action, the {@code configdiff.schedule.selection_error} error is saved instead.</p>
 *
 * @param action the scheduled action, or null if scheduling failed
 * @param request request the messages are saved on
 */
private void makeMessage(Action action, HttpServletRequest request) {
    if (action == null) {
        //Something went wrong, tell user!
        ActionErrors errors = new ActionErrors();
        getStrutsDelegate().addError("configdiff.schedule.selection_error",
                errors);
        getStrutsDelegate().saveMessages(request, errors);
        return;
    }

    // How many servers this action was created for.
    int scheduledCount = action.getServerActions().size();
    String formattedCount = LocalizationService.getInstance()
            .formatNumber(scheduledCount);

    // Link to the action that was just created.
    String detailsUrl = "/rhn/schedule/ActionDetails.do?aid=" + action.getId();

    // The singular wording is used for exactly one server.
    String key = (scheduledCount == 1) ?
            "configdiff.schedule.success.singular" :
            "configdiff.schedule.success";

    // escapeHtml4 is HTML entity encoding, not URL encoding; that is enough here only
    // because the URL is a fixed path plus the action id.
    Object[] escapedArgs = {
        StringEscapeUtils.escapeHtml4(detailsUrl),
        StringEscapeUtils.escapeHtml4(formattedCount)
    };

    ActionMessages messages = new ActionMessages();
    messages.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(key, escapedArgs));
    getStrutsDelegate().saveMessages(request, messages);
}
/**
 * Adds a global error message to the request, HTML-escaping every argument first.
 * @param req to add the message to
 * @param beanKey resource key to lookup
 * @param args the message parameters to fill in placeholders; each one is escaped
 */
protected void createErrorMessageWithMultipleArgs(HttpServletRequest req, String beanKey, String... args) {
    // Build an escaped copy rather than mutating the caller's array.
    String[] escapedArgs = new String[args.length];
    int position = 0;
    for (String rawArg : args) {
        escapedArgs[position++] = StringEscapeUtils.escapeHtml4(rawArg);
    }

    ActionErrors errors = new ActionErrors();
    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(beanKey, escapedArgs));
    saveMessages(req, errors);
}
/**
 * {@inheritDoc}
 *
 * <p>Exposes the log file path and the HTML-escaped tail of the log file as the request
 * attributes {@code logfile_path} and {@code contents}, then forwards to the default view.</p>
 */
public ActionForward execute(ActionMapping mapping, ActionForm formIn,
        HttpServletRequest request, HttpServletResponse response) {
    request.setAttribute("logfile_path", LOGFILE_PATH);

    // Log content can carry attacker-influenced text (user agents, request paths, ...), so
    // it is entity-encoded before being handed to the view. The view must print it without
    // escaping again. The meaning of the 1000 limit is defined by FileUtils.getTailOfFile.
    String escapedTail = StringEscapeUtils.escapeHtml4(
            FileUtils.getTailOfFile(LOGFILE_PATH, 1000));
    request.setAttribute("contents", escapedTail);

    return mapping.findForward(RhnHelper.DEFAULT_FORWARD);
}
/**
 * Converts a plain-text failure reason into an HTML fragment.
 *
 * <p>The text is HTML-escaped and its newlines are then replaced by {@code <br/>}.
 * A null or empty reason is returned unchanged.</p>
 *
 * @param reasonText plain-text reason, may be null or empty
 * @return the reason as HTML, or the input itself when it is null or empty
 */
public String formatFailReasonAsHtml(String reasonText) {
    if (StringUtils.isEmpty(reasonText)) {
        return reasonText;
    }
    // Escape before inserting the line-break tags so the tags themselves survive.
    String encoded = StringEscapeUtils.escapeHtml4(reasonText);
    return encoded.replace("\n", "<br/>");
}
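/**
 * Handles the portlet action by copying parameters from the action request onto the
 * render parameters of the response.
 *
 * <p>The control parameters (set type, remove type, action-URL copy mode) are copied with
 * their defaults applied. The parameter name and comma-separated value string are
 * HTML-escaped, parsed, and then either set on or removed from the render parameters.
 * Failures are reported through an {@code "Error:"} render parameter holding an HTML
 * fragment.</p>
 *
 * @param req the action request carrying the action parameters
 * @param resp the action response whose render parameters are updated
 * @throws PortletException declared by the portlet contract
 * @throws IOException declared by the portlet contract
 */
public void processAction(ActionRequest req, ActionResponse resp)
      throws PortletException, IOException {

   ActionParameters ap = req.getActionParameters();
   MutableRenderParameters mrp = resp.getRenderParameters();
   Set<? extends String> rpNames = mrp.getNames();

   if (isDebug) {
      // NOTE(review): names and values are logged exactly as received; neutralise CR/LF
      // and markup in the logging layout if these logs are parsed or viewed in a browser.
      StringBuilder sb = new StringBuilder();
      sb.append("Action parameters:");
      for (String k : ap.getNames()) {
         sb.append("\nName: ").append(k);
         sb.append(", Values: ").append(Arrays.toString(ap.getValues(k)));
      }
      logger.debug(sb.toString());
   }

   // Handle the control parameters
   // NOTE(review): these three values are copied to the render parameters unescaped;
   // confirm the view encodes them or compares them against the known constants only.

   String setType = ap.getValue(PARAM_SETTYPE);
   setType = (setType == null) ? PARAM_SETTYPE_VARRAY : setType;
   mrp.setValue(PARAM_SETTYPE, setType);

   String remType = ap.getValue(PARAM_REMTYPE);
   remType = (remType == null) ? PARAM_REMTYPE_SET : remType;
   mrp.setValue(PARAM_REMTYPE, remType);

   String aurlCopy = ap.getValue(PARAM_AURLCOPY);
   aurlCopy = (aurlCopy == null) ? PARAM_AURLCOPY_ALL : aurlCopy;
   mrp.setValue(PARAM_AURLCOPY, aurlCopy);

   // Get the parameter name & values. Parse values string into individual values.
   // if string is 'null', change it into null.
   // string escape here to avoid xss vulnerability & problem with portlet hub json
   // escapeHtml4(null) returns null, so the null checks below still see a missing parameter.
   // escapeHtml4 leaves the apostrophe untouched, so these values are not safe inside a
   // single-quoted attribute or a script context.

   String pn = StringEscapeUtils.escapeHtml4(ap.getValue(PARAM_NAME));
   String pv = StringEscapeUtils.escapeHtml4(ap.getValue(PARAM_VALUES));
   String[] parsedVals = null;

   StringBuilder txt = new StringBuilder("Setting values to ");

   if (pn != null && pn.length() > 0 && pv != null) {
      // Limit -1 keeps trailing empty strings so "a," yields two values.
      parsedVals = pv.split(",", -1);
      if (pv.length() == 0) {
         txt.append("array containing single empty string");
         parsedVals = new String[] {""};
      } else if (parsedVals.length == 1) {
         if (parsedVals[0].equals("null")) {
            txt.append("null");
            parsedVals = null;
         } else if (parsedVals[0].equals("empty")) {
            txt.append("an empty array.");
            parsedVals = new String[0];
         } else {
            txt.append("an array containing the single item");
         }
      } else {
         txt.append("an array of values");
         for (int ii = 0; ii < parsedVals.length; ii++) {
            if (parsedVals[ii].equals("null")) {
               parsedVals[ii] = null;
            }
         }
      }

      try {
         if (remType.equals(PARAM_REMTYPE_REM)) {
            txt.append(". Removing parameter");
            mrp.removeParameter(pn);
         } else {
            if (setType.equals(PARAM_SETTYPE_VARRAY)) {
               txt.append(" using values array");
               mrp.setValues(pn, parsedVals);
            } else {
               txt.append(" using first value in array");
               String tval = (parsedVals == null) ? null : parsedVals[0];
               mrp.setValue(pn, tval);
            }
         }
      } catch(Exception e) {
         StringBuilder err = new StringBuilder("Exception setting parameter: ");
         err.append(e.toString());
         // The exception text is placed inside markup, so it is entity-encoded like the
         // request values above; an exception message can echo arbitrary input.
         mrp.setValue("Error:", "<span style='color: red;'>" + StringEscapeUtils.escapeHtml4(err.toString()) + "</span>");
      }
   } else if (rpNames.isEmpty()) {
      txt.append("the error message");
      mrp.setValue("Error:", "<span style='color: red;'>No parameters available!</span>");
   }

   if (isDebug) {
      logger.debug(txt.toString());
      txt = new StringBuilder("Parsed Action Parameters: ");
      txt.append(", Name: ").append(pn);
      txt.append(", Value string: >>").append(pv).append("<<");
      txt.append(", Parsed Values: ").append(Arrays.toString(parsedVals));
      logger.debug(txt.toString());
   }
}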
/**
 * HTML-escapes a string by delegating to {@code StringEscapeUtils.escapeHtml4}.
 *
 * <p>Suitable for element content and double-quoted attribute values. The apostrophe is
 * not escaped, and the result is not an encoding for URL or script contexts.</p>
 *
 * @param s text to escape, may be null
 * @return the escaped text, or null for null input
 */
private String escapeHTML(String s){
    final String escaped = StringEscapeUtils.escapeHtml4(s);
    return escaped;
}
/**
 * Normalises a name for HTML output: trims it (null becomes the empty string) and then
 * HTML-escapes the result.
 *
 * @param name raw name, may be null
 * @return the trimmed, HTML-escaped name; never null
 */
private String convertName(String name) {
    // Trim first; the escaped form never needs trimming again.
    String trimmed = StringUtils.trimToEmpty( name );
    return StringEscapeUtils.escapeHtml4( trimmed );
}
/**
 * Demo: prints a string containing markup, then the same string after HTML-escaping, so
 * the effect of {@code escapeHtml4} on the {@code <script>} and {@code <h5>} tags is visible.
 *
 * @param args unused
 */
public static void main(String[] args){
    final String raw = "中文<script>hi</script><h5></h5>";
    System.out.println(raw);

    // After escaping, the tags are inert text when the output is placed in an HTML page.
    final String escaped = StringEscapeUtils.escapeHtml4(raw);
    System.out.println(escaped);
}
/**
 * Builds an anchor element for a match: the link template's {@code ${ID}} placeholder is
 * replaced by the matched id and the resulting URL is HTML-escaped for the href attribute.
 *
 * @param matcher the matcher positioned on the text being linked
 * @return the anchor element as an HTML string
 */
private String dynamicLink(Matcher matcher) {
    String resolvedLink = link.replace("${ID}", id(matcher));
    // Entity-encoding keeps the value inside the double-quoted attribute, but it does not
    // validate the URL scheme; the template is assumed to come from trusted configuration.
    String hrefValue = StringEscapeUtils.escapeHtml4(resolvedLink);
    // NOTE(review): the link text is inserted as returned by textOnLink(matcher); confirm
    // that helper escapes the matched text.
    return String.format("<a href=\"%s\" target=\"story_tracker\">%s</a>", hrefValue, textOnLink(matcher));
}
/**
 * Renders the list filter box: a text input holding the current filter, a hidden input
 * carrying the same value as the previous filter, and a submit button with a search icon,
 * all wrapped in a {@code div}.
 *
 * @param out writer the rendered markup is appended to
 * @throws IOException if writing to {@code out} fails
 */
protected void renderFilterBox(Writer out) throws IOException {
    LocalizationService localizer = LocalizationService.getInstance();

    HtmlTag wrapper = new HtmlTag("div");
    wrapper.setAttribute("class", "spacewalk-filter-input input-group");

    StringBuilder markup = new StringBuilder();

    // Visible filter field.
    HtmlTag filterInput = new HtmlTag("input");
    filterInput.setAttribute("type", "text");
    filterInput.setAttribute("class", "form-control");
    filterInput.setAttribute("name", RequestContext.FILTER_STRING);
    // NOTE(review): the filter data is passed through without an explicit escape, unlike
    // the placeholder below; confirm that getFilterData() or HtmlTag.setAttribute encodes
    // it, since the filter string normally originates from the request.
    filterInput.setAttribute("value", pageList.getFilterData());
    String placeHolder = StringEscapeUtils.escapeHtml4(
            localizer.getMessage("message.filterby", localizer.getMessage(filterBy)));
    filterInput.setAttribute("placeholder", placeHolder);
    filterInput.setAttribute("maxlength", FILTER_MAXLENGTH);
    markup.append(filterInput.render());

    // Hidden copy of the filter, submitted as the previous filter string.
    HtmlTag previousFilterInput = new HtmlTag("input");
    previousFilterInput.setAttribute("type", "hidden");
    previousFilterInput.setAttribute("name", RequestContext.PREVIOUS_FILTER_STRING);
    previousFilterInput.setAttribute("value", pageList.getFilterData());
    markup.append(previousFilterInput.render());

    // Submit button with the search icon.
    HtmlTag buttonGroup = new HtmlTag("span");
    buttonGroup.setAttribute("class", "input-group-btn");

    HtmlTag submitButton = new HtmlTag("button");
    submitButton.setAttribute("class", "btn btn-default");
    submitButton.setAttribute("type", "submit");
    submitButton.setAttribute("name", FILTER_DISPATCH);
    submitButton.setAttribute("value", localizer.getMessage(RequestContext.FILTER_KEY));

    IconTag searchIcon = new IconTag("item-search");
    submitButton.addBody(searchIcon.render());

    buttonGroup.addBody(submitButton);
    markup.append(buttonGroup.render());

    wrapper.addBody(markup.toString());
    out.append(wrapper.render());
}
/**
 * <p>Escapes the characters in the string form of an object using HTML entities.</p>
 * <p>The object is converted with {@link String#valueOf(Object)} and the result is passed
 * to {@link StringEscapeUtils#escapeHtml4(String)}.</p>
 *
 * @param string the object whose string form is escaped, may be null
 * @return a new escaped <code>String</code>, <code>null</code> if null input
 *
 * @see StringEscapeUtils#escapeHtml4(String)
 */
public String html(Object string)
{
    // Checked explicitly: String.valueOf(null object) would otherwise produce "null".
    return (string == null)
        ? null
        : StringEscapeUtils.escapeHtml4(String.valueOf(string));
}
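/**
 * Escape all HTML entities in the string form of an object.
 *
 * <p>The result suits element content and double-quoted attribute values; the apostrophe
 * is not escaped.</p>
 *
 * @param text the object whose {@code toString()} value is escaped, may be null
 * @return An escaped String, or {@code null} if {@code text} is null.
 * @see <a href="http://commons.apache.org/proper/commons-lang/javadocs/api-release/org/apache/commons/lang3/StringEscapeUtils.html#escapeHtml4%28java.lang.String%29">StringEscapeUtils</a>
 */
protected String escape(Object text)
{
    // A null value used to fail with a NullPointerException on text.toString(); return
    // null instead, matching what escapeHtml4 itself does for null input.
    if (text == null)
    {
        return null;
    }
    return StringEscapeUtils.escapeHtml4(text.toString());
}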
/**
 * HTML-encodes a string into its HTML 4 escaped form.
 *
 * <p>For example {@code "bread" & "butter"} becomes
 * {@code &quot;bread&quot; &amp; &quot;butter&quot;}.</p>
 *
 * <p>Note: {@code org.apache.commons.lang3.StringEscapeUtils} is deprecated since
 * commons-lang 3.6 in favour of the class of the same name in Apache Commons Text. The
 * apostrophe is not escaped, so the result is meant for element content and
 * double-quoted attribute values, not for script or URL contexts.</p>
 *
 * @param html text to encode, may be null
 * @return the encoded text, or null for null input
 */
public static String escapeHtml(String html) {
    final String encoded = StringEscapeUtils.escapeHtml4(html);
    return encoded;
}
/**
 * Get the user's last name, HTML-escaped for direct output in a page.
 *
 * <p>Because the escaping happens in the getter, callers must not escape the value again
 * and should not use it for non-HTML sinks (storage, comparisons, JSON).</p>
 *
 * @return the user's last name with HTML special characters entity-encoded
 */
public String getUserLastName() {
    final String escapedLastName = StringEscapeUtils.escapeHtml4(userLastName);
    return escapedLastName;
}
/**
 * Get the user's first name, HTML-escaped for direct output in a page.
 *
 * <p>Because the escaping happens in the getter, callers must not escape the value again
 * and should not use it for non-HTML sinks (storage, comparisons, JSON).</p>
 *
 * @return the user's first name with HTML special characters entity-encoded
 */
public String getUserFirstName() {
    final String escapedFirstName = StringEscapeUtils.escapeHtml4(userFirstName);
    return escapedFirstName;
}