/*
 * Copyright (C) 2010 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.google.clearsilver.jsilver.functions.html;

import java.io.IOException;

/**
 * Validates that the input string is a valid URI and makes it safe to place in a CSS URL context.
 * If the input is not valid, the string {@code #} is returned. If it is valid, the characters
 * [\n\r\\'"()<>*] are URL encoded. The contexts this filter is meant for are:
 * <ol>
 * <li>An '@import url("URL");' statement
 * <li>A CSS property such as 'background: url("URL");'
 * </ol>
 * In both cases the enclosing quotes are optional but the parentheses are not. The encoding ensures
 * that the URL cannot exit the parentheses, close a STYLE tag or reset the browser's CSS parser
 * (via comments or newlines).
 * <p>
 * Only the escaping step is implemented in this class; the validity check and the {@code #}
 * fallback are presumably supplied by {@link BaseUrlValidateFunction} (not visible here; confirm
 * against that class). The output is encoded for the CSS {@code url(...)} context only: every
 * character outside the set above, including {@code %}, is passed through unchanged, so the result
 * should not be assumed safe in other output contexts.
 * <p>
 * References:
 * <ol>
 * <li>CSS 2.1 URLs: http://www.w3.org/TR/CSS21/syndata.html#url
 * <li>CSS 1 URLs: http://www.w3.org/TR/REC-CSS1/#url
 * </ol>
 *
 * @see BaseUrlValidateFunction
 */
public class CssUrlValidateFunction extends BaseUrlValidateFunction {

  /**
   * Copies {@code in} to {@code out} one character at a time, replacing each character that is
   * significant inside a CSS {@code url(...)} token with its percent-encoded form.
   *
   * @param in the URL text to escape; must not be null
   * @param out the sink that receives the escaped text
   * @throws IOException if {@code out} fails while appending
   */
  protected void applyEscaping(String in, Appendable out) throws IOException {
    final int length = in.length();
    int pos = 0;
    while (pos < length) {
      final char current = in.charAt(pos++);
      final String encoded = percentEncodingFor(current);
      if (encoded == null) {
        // Not in the escaped set: emitted exactly as received.
        out.append(current);
      } else {
        out.append(encoded);
      }
    }
  }

  /**
   * Returns the percent-encoded form of {@code ch} when it belongs to the escaped set
   * [\n\r\\'"()<>*], or {@code null} when the character is to be copied unchanged.
   */
  private static String percentEncodingFor(char ch) {
    switch (ch) {
      // Newlines: the class contract names them as a way to reset the browser's CSS parser.
      case '\n':
        return "%0A";
      case '\r':
        return "%0D";
      // Quotes: would end an optionally quoted URL early.
      case '"':
        return "%22";
      case '\'':
        return "%27";
      // Parentheses: a closing one would exit the url(...) enclosure.
      case '(':
        return "%28";
      case ')':
        return "%29";
      // Asterisk: with '*' encoded, the input cannot contain the CSS comment delimiters.
      case '*':
        return "%2A";
      // Angle brackets: needed to write a tag that closes the surrounding STYLE element.
      case '<':
        return "%3C";
      case '>':
        return "%3E";
      // Backslash: introduces CSS escape sequences.
      case '\\':
        return "%5C";
      default:
        return null;
    }
  }

}