/* * Copyright (C) 2010 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.google.clearsilver.jsilver.functions.escape; import com.google.clearsilver.jsilver.functions.TextFilter; import java.io.IOException; /** * This function will be used to sanitize variables introduced into javascript that are not string * literals. e.g. * * Currently it only accepts boolean and numeric literals. All other values are replaced with a * 'null'. This behavior may be extended if required at a later time. This replicates the * autoescaping behavior of Clearsilver. */ public class JsValidateUnquotedLiteral implements TextFilter { public void filter(String in, Appendable out) throws IOException { /* Permit boolean literals */ if (in.equals("true") || in.equals("false")) { out.append(in); return; } boolean valid = true; if (in.startsWith("0x") || in.startsWith("0X")) { /* * There must be at least one hex digit after the 0x for it to be valid. Hex number. Check * that it is of the form 0(x|X)[0-9A-Fa-f]+ */ for (int i = 2; i < in.length(); i++) { char c = in.charAt(i); if (!((c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') || (c >= '0' && c <= '9'))) { valid = false; break; } } } else { /* * Must be a base-10 (or octal) number. Check that it has the form [0-9+-.eE]+ */ for (int i = 0; i < in.length(); i++) { char c = in.charAt(i); if (!((c >= '0' && c <= '9') || c == '+' || c == '-' || c == '.' || c == 'e' || c == 'E')) { valid = false; break; } } } if (valid) { out.append(in); } else { out.append("null"); } } }