1
22
23 package com.liferay.util;
24
25 import com.liferay.portal.kernel.util.StringMaker;
26 import com.liferay.portal.kernel.util.StringPool;
27 import com.liferay.portal.kernel.util.StringUtil;
28
29
37 public class Html {
38
39 public static String escape(String text) {
40 if (text == null) {
41 return null;
42 }
43
44
48 StringMaker sm = new StringMaker(text.length());
49
50 for (int i = 0; i < text.length(); i++) {
51 char c = text.charAt(i);
52
53 switch (c) {
54 case '<':
55 sm.append("<");
56
57 break;
58
59 case '>':
60 sm.append(">");
61
62 break;
63
64 case '&':
65 sm.append("&");
66
67 break;
68
69 case '"':
70 sm.append(""");
71
72 break;
73
74 case '\'':
75 sm.append("'");
76
77 break;
78
79 case '(':
80 sm.append("(");
81
82 break;
83
84 case ')':
85 sm.append(")");
86
87 break;
88
89 case '#':
90 sm.append("#");
91
92 break;
93
94 case '%':
95 sm.append("%");
96
97 break;
98
99 case ';':
100 sm.append(";");
101
102 break;
103
104 case '+':
105 sm.append("+");
106
107 break;
108
109 case '-':
110 sm.append("-");
111
112 break;
113
114 default:
115 sm.append(c);
116
117 break;
118 }
119 }
120
121 return sm.toString();
122 }
123
124 public static String formatTo(String text) {
125 return escape(text);
126 }
127
128 public static String formatFrom(String text) {
129 if (text == null) {
130 return null;
131 }
132
133
135 text = StringUtil.replace(text, "<", "<");
136 text = StringUtil.replace(text, ">", ">");
137 text = StringUtil.replace(text, "&", "&");
138 text = StringUtil.replace(text, """, "\"");
139 text = StringUtil.replace(text, "'", "'");
140 text = StringUtil.replace(text, "(", "(");
141 text = StringUtil.replace(text, ")", ")");
142 text = StringUtil.replace(text, "#", "#");
143 text = StringUtil.replace(text, "%", "%");
144 text = StringUtil.replace(text, ";", ";");
145 text = StringUtil.replace(text, "+", "+");
146 text = StringUtil.replace(text, "-", "-");
147
148 return text;
149 }
150
151 public static String fromInputSafe(String text) {
152 return StringUtil.replace(text, "&", "&");
153 }
154
155 public static String stripBetween(String text, String tag) {
156 return StringUtil.stripBetween(text, "<" + tag, "</" + tag + ">");
157 }
158
159 public static String stripComments(String text) {
160 return StringUtil.stripBetween(text, "<!--", "-->");
161 }
162
163 public static String stripHtml(String text) {
164 if (text == null) {
165 return null;
166 }
167
168 text = stripComments(text);
169
170 StringMaker sm = new StringMaker(text.length());
171
172 int x = 0;
173 int y = text.indexOf("<");
174
175 while (y != -1) {
176 sm.append(text.substring(x, y));
177 sm.append(StringPool.SPACE);
178
179
181 boolean scriptFound = _isScriptTag(text, y + 1);
182
183 if (scriptFound) {
184 int pos = y + _TAG_SCRIPT.length;
185
186
188 pos = text.indexOf(">", pos);
189
190 if (pos >= 0) {
191
192
195 if (text.charAt(pos-1) != '/') {
196
197
199 for (;;) {
200 pos = text.indexOf("</", pos);
201
202 if (pos >= 0) {
203 if (_isScriptTag(text, pos + 2)) {
204 y = pos;
205
206 break;
207 }
208 else {
209
210
212 pos += 2;
213 }
214 }
215 else {
216 break;
217 }
218 }
219 }
220 }
221 }
222
223 x = text.indexOf(">", y);
224
225 if (x == -1) {
226 break;
227 }
228
229 x++;
230
231 if (x < y) {
232
233
235 break;
236 }
237
238 y = text.indexOf("<", x);
239 }
240
241 if (y == -1) {
242 sm.append(text.substring(x, text.length()));
243 }
244
245 return sm.toString();
246 }
247
248 public static String toInputSafe(String text) {
249 return StringUtil.replace(
250 text,
251 new String[] {"&", "\""},
252 new String[] {"&", """});
253 }
254
255 private static boolean _isScriptTag(String text, int start) {
256 char item;
257 int pos = start;
258
259 if (pos + _TAG_SCRIPT.length + 1 <= text.length()) {
260 for (int i = 0; i < _TAG_SCRIPT.length; i++) {
261 item = text.charAt(pos++);
262
263 if (Character.toLowerCase(item) != _TAG_SCRIPT[i]) {
264 return false;
265 }
266 }
267
268 item = text.charAt(pos);
269
270
272 return !Character.isLetter(item);
273 }
274 else {
275 return false;
276 }
277 }
278
279 private static final char[] _TAG_SCRIPT = {'s', 'c', 'r', 'i', 'p', 't'};
280
281 }