Filter HTML/SCRIPT input from textfields
Moderators: Jon, Steve, Ian, Dave
-
Vircos
- Ebase User
- Posts: 97
- Joined: Thu Sep 13, 2007 6:07 am
- Location: The Netherlands
Filter HTML/SCRIPT input from textfields
For security reasons sometimes it is handy to filter any html or script input from a textfield. As far as I know Ebase lacks this functionality at the moment. Is it possible to implement such a functionality?
0 x
What's the meaning of Justice...
-
Joost
- Ebase User
- Posts: 49
- Joined: Fri Sep 14, 2007 6:14 pm
- Location: The Netherlands
Re: Filter HTML/SCRIPT input from textfields
You possibly could create a customfunction which calls following code. You could enhance it to be able to allow specific html tags or characters.
You call it from your customfunction with:
Code: Select all
package nl.oss.utils;
public class XmlUtil {
static char[] specialCharacters = { '&', '<', '>', '\'', '"' };
static String[] replacementStrings = { "&", "<", ">", "'", """ };
/**
* Sanitizes input string by replacing &, <, >, ' and " to
* the predefined entities &amp;, &lt;, &gt;, &apos; and
* &quot;.
*
* @param text string to sanitize.
*
* @return Sanitized string.
*
* @see http://java.sun.com/j2ee/1.4/docs/tutorial/doc/IntroXML3.html
* @see http://forum.java.sun.com/thread.jspa?threadID=294114&messageID=1161051
*/
public static String sanitizeTextLite( String text ) {
StringBuffer buffer = new StringBuffer( text );
for( int i = 0; i < buffer.length(); i++ ) {
for( int k = 0; k < specialCharacters.length; k++ ) {
if( buffer.charAt(i) == specialCharacters[k] ) {
buffer.replace( i, i + 1, replacementStrings[k] );
i += replacementStrings[k].length();
}
}
}
return buffer.toString();
}
/**
* Sanitizes input string by replacing &, <, >, ' and " to
* the predefined entities &amp;, &lt;, &gt;, &apos; and
* &quot;.
* Additionally replaces unicode characters above 128 to character
* references such as “.
*
* @param text string to sanitize.
*
* @return Sanitized string.
*
* @see http://java.sun.com/j2ee/1.4/docs/tutorial/doc/IntroXML3.html
* @see http://forum.java.sun.com/thread.jspa?threadID=294114&messageID=1161051
*/
public static String sanitizeText( String text ) {
StringBuffer buffer = new StringBuffer( text );
for( int i = 0; i < buffer.length(); i++ ) {
for( int k = 0; k < specialCharacters.length; k++ ) {
if( buffer.charAt(i) == specialCharacters[k] ) {
buffer.replace( i, i + 1, replacementStrings[k] );
i += replacementStrings[k].length();
} else if( (int)buffer.charAt(i) > 128 ) {
String replacement = "&#" + (int)buffer.charAt(i) + ";";
buffer.replace( i, i + 1, replacement );
i += replacement.length();
}
}
}
return buffer.toString();
}
} // class XmlUtil
Code: Select all
language = XmlUtil.sanitizeTextLite( form.getFieldValue("LANGUAGE") );
0 x
-
Vircos
- Ebase User
- Posts: 97
- Joined: Thu Sep 13, 2007 6:07 am
- Location: The Netherlands
Who is online
Users browsing this forum: No registered users and 103 guests