public class HTMLInputFilter extends Object
This code is licensed under a Creative Commons Attribution-ShareAlike 2.5 License http://creativecommons.org/licenses/by-sa/2.5/
This code is a Java port of the original work in PHP by Cal Hendersen. http://code.iamcal.com/php/lib_filter/
The trickiest part of the translation was handling the differences in regex handling between PHP and Java. These resources were helpful in the process:
A note on naming conventions: instance variables are prefixed with a "v"; global constants are in all caps.
Sample use: String input = ... String clean = new HTMLInputFilter().filter( input );
If you find bugs or have suggestions on improvement (especially regarding perfomance), please contact me at the email below. The latest version of this source can be found at
做了如下修改:
Modifier and Type | Field and Description |
---|---|
protected static boolean |
ALWAYS_MAKE_TAGS
flag determining whether to try to make tags when presented with
"unbalanced" angle brackets (e.g.
|
protected static org.slf4j.Logger |
log |
protected static int |
REGEX_FLAGS_SI
regex flag union representing /si modifiers in php *
|
protected static boolean |
STRIP_COMMENTS
flag determing whether comments are allowed in input String.
|
protected Map |
vAllowed
set of allowed html elements, along with allowed attributes for each
element *
|
protected Set |
vAllowedEntities
entities allowed within html markup *
|
protected Set |
vAllowedProtocols
allowed protocols *
|
protected Set |
vDeniedTags
set of denied html elements *
|
protected Set |
vNeedClosingTags
html elements which must always have separate opening and closing tags
(e.g.
|
protected Set |
vProtocolAtts
attributes which should be checked for valid protocols *
|
protected Set |
vRemoveBlanks
tags which should be removed if they contain no content (e.g.
|
protected Set |
vSelfClosingTags
html elements which must always be self-closing (e.g.
|
Constructor and Description |
---|
HTMLInputFilter() |
HTMLInputFilter(Map allowed,
String[] deniedTags,
String[] selfClosingTags,
String[] needClosingTags,
String[] allowedProtocols,
String[] protocolAtts,
String[] removeBlanks,
String[] allowedEntities) |
Modifier and Type | Method and Description |
---|---|
static String |
chr(int decimal) |
String |
filter(String input)
given a user submitted input String, filter out any invalid or restricted
html.
|
String |
filter(String input,
boolean isHtml) |
static String |
htmlSpecialChars(String s) |
protected static final boolean ALWAYS_MAKE_TAGS
protected static final boolean STRIP_COMMENTS
protected static final int REGEX_FLAGS_SI
protected static final org.slf4j.Logger log
protected final Map vAllowed
protected final Set vDeniedTags
protected final Set vSelfClosingTags
protected final Set vNeedClosingTags
protected final Set vProtocolAtts
protected final Set vAllowedProtocols
protected final Set vRemoveBlanks
protected final Set vAllowedEntities
public static String chr(int decimal)
public String filter(String input)
input
- text (i.e. submitted by a user) than may contain htmlCopyright © 2006–2018 TinyGroup. All rights reserved.