}
/**
- * ersetzt gefährliche zeichen in <code>s</code>
+ * replaces dangerous characters in <code>s</code>
*
*/
return buf.toString();
}
+ /**
+ * Ersetzt in String <code>s</code> das Regexp <code>pattern</code> durch <code>substitute</code>
+ * @param s
+ * @param pattern
+ * @param substitute
+ * @return String mit den Ersetzungen
+ */
+ public static String regexpReplace(String haystack, String pattern, String substitute) {
+ try {
+ RE regex = new RE(pattern);
+ return regex.substituteAll(haystack,substitute);
+ } catch(REException ex){
+ return null;
+ }
+ }
+
+
+
/**
* Fügt einen Separator an den Pfad an
}
/**
+ * Checks to see if the path is absolute by looking for a leading file
+ * separater
+ * @todo deal with windows drive letters.
+ * @param path
+ * @return
+ */
+ public static boolean isAbsolutePath (String path) {
+ return path.startsWith(File.separator);
+ }
+
+ /**
* Löscht Slash am Anfang des Strings
* @param path
* @return
return Math.min(i, j);
}
- /**
- * Diese Routine macht aus links in reinem text browsbare links
+ /**
+ * This routine makes html links (href) out of text browseable urls
* @param text
* @return Konvertierter String
*/
}
/**
- * createURLLinks wandelt text im url-format
- * in einen klickbaren link um
- * nur sinnvoll, wenn text nicht im html-format eingegeben
+ * this routine takes text in url format and makes
+ * a clickaeble "<href>" link removing any "illegal" html tags
+ * @param haystack, the url
+ * @param title, the href link text
+ * @param imagRoot, the place to find icons
+ * @param extImage, the url of the icon to show next to the link
+ * @return a String containing the url
*/
- public static String createURLLinks(String haystack,String imageRoot,String extImage,String intImage) {
+ public static String createURLLinks(String haystack, String title, String imageRoot,String extImage) {
try {
//dieser Ausdruck brauch dringend fachliche Beratung
RE regex = new RE("((https://)|(http://)|(ftp://))+([a-zA-Z0-9_-]+).([a-zA-Z0-9_.:-]+)/?([^ \t\r\n<>]+[^ \t\r\n.,<>])");
- return regex.substituteAll(haystack,"<img src=\""+imageRoot+"/"+extImage+"\" border=\"0\"/> <a href=\"$0\">$0</a>");
+ if (title == null) {
+ return regex.substituteAll(haystack,"<img src=\""+imageRoot+"/"+extImage+"\" border=\"0\"/> <a href=\"$0\">$0</a>");
+ } else {
+ title = removeHTMLTags(title);
+ return regex.substituteAll(haystack,"<img src=\""+imageRoot+"/"+extImage+"\" border=\"0\"/> <a href=\"$0\">"+title+"</a>");
+ }
} catch(REException ex){
return null;
}
}
/**
+ * this routine takes text in url format and makes
+ * a clickaeble "<href>" link removing any "illegal" html tags
+ * @param haystack, the url
+ * @param imageRoot, the place to find icons
+ * @param extImage, the url of the icon to show next to the link
+ * @param intImage, unused
+ * @return a String containing the url
+ */
+ public static String createURLLinks(String haystack, String title, String imageRoot,String extImage,String intImage) {
+ return createURLLinks(haystack, title, imageRoot, extImage);
+ }
+
+ /**
+ * this routine takes text in url format and makes
+ * an image link removing any "illegal" html tags
+ * @param haystack, the url
+ * @param title, the image alt text, can be null
+ * @param height, height of the image
+ * @param width, width of the image
+ * @return a String containing the url
+ */
+ public static String createIMGLinks(String haystack, String title, String height,String width) {
+ try {
+ //dieser Ausdruck brauch dringend fachliche Beratung
+ RE regex = new RE("((https://)|(http://)|(ftp://))+([a-zA-Z0-9_-]+).([a-zA-Z0-9_.:-]+)/?([^ \t\r\n<>]+[^ \t\r\n.,<>])");
+ if (title != null) {
+ title = removeHTMLTags(title);
+ return regex.substituteAll(haystack,"<img src=\"$0\" width=\""+width+"\" height=\""+height+"\" alt=\""+title+"\"/> <br><i>"+title+"</i>");
+ } else {
+ return regex.substituteAll(haystack,"<img src=\"$0\" width=\""+width+"\" height=\""+height+"\" alt=\"\"/> ");
+ }
+ } catch(REException ex){
+ return null;
+ }
+ }
+
+
+
+ /**
* deleteForbiddenTags
* this method deletes all <script>, <body> and <head>-tags
*/
return null;
}
}
+
+ /**
+ * this method deletes all html tags
+ *
+ */
+
+ public static String removeHTMLTags(String haystack){
+try {
+ RE regex = new RE("<[^>]*>",RE.REG_ICASE);
+ haystack = regex.substituteAll(haystack,"");
+
+ return haystack;
+ } catch(REException ex){
+ return null;
+ }
+
+
+ }
+
+ /**
+ * this method deletes all but the approved tags html tags
+ * it also deletes approved tags which contain malicious-looking attributes and doesn't work at all
+ */
+
+
+ public static String approveHTMLTags(String haystack){
+ try {
+ String approvedTags="a|img|h1|h2|h3|h4|h5|h6|br|b|i|strong|p";
+ String badAttributes="onAbort|onBlur|onChange|onClick|onDblClick|onDragDrop|onError|onFocus|onKeyDown|onKeyPress|onKeyUp|onLoad|onMouseDown|onMouseMove|onMouseOut|onMouseOver|onMouseUp|onMove|onReset|onResize|onSelect|onSubmit|onUnload";
+ String approvedProtocols="rtsp|http|ftp|https|freenet|mailto";
+
+ // kill all the bad tags that have attributes
+ String s = "<\\s*/?\\s*(?!(("+approvedTags+")\\s))\\w+\\s[^>]*>";
+ RE regex = new RE(s,RE.REG_ICASE);
+ haystack = regex.substituteAll(haystack,"");
+
+ // kill all the bad tags that are attributeless
+ regex = new RE("<\\s*/?\\s*(?!(("+approvedTags+")\\s*>))\\w+\\s*>",RE.REG_ICASE);
+ haystack = regex.substituteAll(haystack,"");
+
+ // kill all the tags which have a javascript attribute like onLoad
+ regex = new RE("<[^>]*("+badAttributes+")[^>]*>",RE.REG_ICASE);
+ haystack = regex.substituteAll(haystack,"");
+
+ // kill all the tags which include a url to an unacceptable protocol
+ regex = new RE("<\\s*a\\s+[^>]*href=(?!(\'|\")?("+approvedProtocols+"))[^>]*>",RE.REG_ICASE);
+ haystack = regex.substituteAll(haystack,"");
+
+ return haystack;
+ } catch(REException ex){
+ ex.printStackTrace();
+ return null;
+ }
+
+
+ }
+
/**
* createHTML ruft alle regex-methoden zum unwandeln eines nicht
content=convertNewline2Break(content);
content=convertNewline2P(content);
content=createMailLinks(content,producerDocRoot,mailImage);
- content=createURLLinks(content,producerDocRoot,extImage,intImage);
+ content=createURLLinks(content,null,producerDocRoot,extImage,intImage);
return content;
}
}
+
projects / mir.git / blobdiff