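/**
 * Copyright (c) 2000-2007 Liferay, Inc. All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

package com.liferay.util;

import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.StringPool;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * <a href="XSSUtil.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Removes every substring of a text that matches a regular expression taken
 * from configuration. The expression is a deny-list: text it does not describe
 * is returned as is, so the result is only as good as the configured pattern.
 * Treat this as one layer of input filtering, not as a replacement for
 * encoding values for the context (HTML body, attribute, script, URL) in which
 * they are later written out.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Clarence Shen
 *
 */
public class XSSUtil {

	/**
	 * The regular expression source, read once at class initialization from
	 * the system property named
	 * <code>XSSUtil.class.getName() + ".regexp.pattern"</code>.
	 *
	 * NOTE(review): if the property is unset, GetterUtil.getString presumably
	 * yields a blank default. A blank pattern matches only empty strings, so
	 * {@link #strip(String)} would then return its input unchanged without any
	 * error. Confirm that deployments set this property and consider logging
	 * when it is blank.
	 */
	public static final String XSS_REGEXP_PATTERN = GetterUtil.getString(
		SystemProperties.get(XSSUtil.class.getName() + ".regexp.pattern"));

	/**
	 * {@link #XSS_REGEXP_PATTERN} compiled once with default flags. An invalid
	 * expression makes <code>Pattern.compile</code> throw, which fails the
	 * initialization of this class.
	 */
	public static final Pattern XSS_PATTERN =
		Pattern.compile(XSS_REGEXP_PATTERN);

	/**
	 * Removes from the text everything that matches {@link #XSS_PATTERN},
	 * repeating the removal until a pass no longer shortens the text.
	 *
	 * <p>
	 * A single pass is not enough for a removal filter: deleting a match joins
	 * the text on either side of it, and the joined text can itself match the
	 * pattern. Repeating until the text stops shrinking returns a result that
	 * contains no further match.
	 * </p>
	 *
	 * <p>
	 * Every extra pass shortens the text, so the loop ends after at most
	 * <code>text.length()</code> passes. Callers that accept very large values
	 * should bound the input size before calling this method.
	 * </p>
	 *
	 * @param  text the text to filter, may be <code>null</code>
	 * @return the filtered text, or <code>null</code> if <code>text</code> is
	 *         <code>null</code>
	 */
	public static String strip(String text) {
		if (text == null) {
			return null;
		}

		String current = text;

		while (true) {

			// A String is already a CharSequence, so it is matched directly.

			Matcher matcher = XSS_PATTERN.matcher(current);

			String stripped = matcher.replaceAll(StringPool.BLANK);

			// Stop as soon as a pass removes nothing. Comparing lengths also
			// guarantees termination whatever the replacement value is.

			if (stripped.length() >= current.length()) {
				return stripped;
			}

			current = stripped;
		}
	}

}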