StyleEscapeFunction.java revision 56ed4167b942ec265f9cee70ac4d71d10b3835ce 
1/*
2 * Copyright (C) 2010 Google Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.google.clearsilver.jsilver.functions.escape;
18
19import com.google.clearsilver.jsilver.functions.TextFilter;
20
21import java.io.IOException;
22
23/**
24 * This function will be used to sanitize variables in 'style' attributes. It strips out any
25 * characters that are not part of a whitelist of safe characters. This replicates the autoescaping
26 * behavior of Clearsilver.
27 *
28 * It does not extend SimpleEscapingFunction because SimpleEscapingFunction requires a blacklist of
29 * characters to escape. The StyleAttrEscapeFunction instead applies a whitelist, and strips out any
30 * characters not in the whitelist.
31 */
32public class StyleEscapeFunction implements TextFilter {
33
34  private static final boolean[] UNQUOTED_VALID_CHARS;
35  private static final boolean[] VALID_CHARS;
36  private static final int MAX_CHARS = 0x80;
37
38  static {
39    // Allow characters likely to occur inside a style property value.
40    // Refer http://www.w3.org/TR/CSS21/ for more details.
41    String SPECIAL_CHARS = "_.,!#%- ";
42    String UNQUOTED_SPECIAL_CHARS = "_.,!#%-";
43
44    VALID_CHARS = new boolean[MAX_CHARS];
45    UNQUOTED_VALID_CHARS = new boolean[MAX_CHARS];
46
47    for (int n = 0; n < MAX_CHARS; n++) {
48      VALID_CHARS[n] = false;
49      UNQUOTED_VALID_CHARS[n] = false;
50
51      if (Character.isLetterOrDigit(n)) {
52        VALID_CHARS[n] = true;
53        UNQUOTED_VALID_CHARS[n] = true;
54      } else {
55        if (SPECIAL_CHARS.indexOf(n) != -1) {
56          VALID_CHARS[n] = true;
57        }
58
59        if (UNQUOTED_SPECIAL_CHARS.indexOf(n) != -1) {
60          UNQUOTED_VALID_CHARS[n] = true;
61        }
62      }
63    }
64  }
65
66  private final boolean[] validChars;
67
68  /**
69   * isUnquoted should be true if the function is escaping a string that will appear inside an
70   * unquoted style attribute.
71   *
72   */
73  public StyleEscapeFunction(boolean isUnquoted) {
74    if (isUnquoted) {
75      validChars = UNQUOTED_VALID_CHARS;
76    } else {
77      validChars = VALID_CHARS;
78    }
79  }
80
81  public void filter(String in, Appendable out) throws IOException {
82    for (char c : in.toCharArray()) {
83      if (c < MAX_CHARS && validChars[c]) {
84        out.append(c);
85      } else if (c >= MAX_CHARS) {
86        out.append(c);
87      }
88    }
89  }
90
91  public void dumpInfo() {
92    for (int i = 0; i < MAX_CHARS; i++) {
93      System.out.println(i + "(" + (char) i + ")" + " :" + VALID_CHARS[i]);
94    }
95  }
96}
97