/* inlineTags : ['b', 'del', 'em', 'font', 'i', 'span', 'strike', 'strong', 'sub', 'sup', 'u'], endlineTags : [ 'br', 'hr', 'table', 'tbody', 'td', 'tr', 'th', 'div', 'p', 'ol', 'ul', 'li', 'blockquote', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'script', 'style', 'marquee' ], */
vNeedClosingTags = new String[]{\ \\\\\\\\\\ \ };
vDisallowed = new String[]{};
vAllowedProtocols = new String[]{\ vProtocolAtts = new String[]{\
vRemoveBlanks = new String[]{\
vAllowedEntities = new String[]{\ //增加了\,rsquo=\
stripComment = true; alwaysMakeTags = true; }
/** Set debug flag to true. Otherwise use default settings. See the default constructor. *
* @param debug turn debug on with a true argument */
public WebWhiteNameFilter(final boolean debug) { this();
vDebug = debug;
}
/** Map-parameter configurable constructor. *
* @param configuration map containing configuration. keys match field names. */
// public HTMLFilter(final Map
// assert configuration.containsKey(\// assert configuration.containsKey(\: \requires vSelfClosingTags\
// assert configuration.containsKey(\: \requires vNeedClosingTags\
// assert configuration.containsKey(\: \requires
vDisallowed\
// assert configuration.containsKey(\: \requires vAllowedProtocols\
// assert configuration.containsKey(\: \requires vProtocolAtts\
// assert configuration.containsKey(\: \requires vRemoveBlanks\
// assert configuration.containsKey(\: \requires vAllowedEntities\
// assert configuration.containsKey(\: \requires stripComment\
// assert configuration.containsKey(\: \requires alwaysMakeTags\//
// vAllowed = Collections.unmodifiableMap((HashMap
// vSelfClosingTags = (String[]) configuration.get(\// vNeedClosingTags = (String[]) configuration.get(\// vDisallowed = (String[]) configuration.get(\
// vAllowedProtocols = (String[]) configuration.get(\// vProtocolAtts = (String[]) configuration.get(\
// vRemoveBlanks = (String[]) configuration.get(\// vAllowedEntities = (String[]) configuration.get(\// stripComment = (Boolean) configuration.get(\
// alwaysMakeTags = (Boolean) configuration.get(\// }
private void reset() { vTagCounts.clear(); }
private void debug(final String msg) { if (vDebug) {
Logger.getAnonymousLogger().info(msg); } }
//--------------------------------------------------------------- // my versions of some PHP library functions public static String chr(final int decimal) { return String.valueOf((char) decimal); }
public static String htmlSpecialChars(final String s) {
String result = s;
result = regexReplace(P_AMP, \ result = regexReplace(P_QUOTE, \ result = regexReplace(P_LEFT_ARROW, \ result = regexReplace(P_RIGHT_ARROW, \ return result; }
//--------------------------------------------------------------- /**
* given a user submitted input String, filter out any invalid or restricted * html. *
* @param input text (i.e. submitted by a user) than may contain html
* @return \ */
private String dofilter(final String input) { reset();
String s = input;
debug(\ debug(\ INPUT: \
s = escapeComments(s);
debug(\ escapeComments: \
s = balanceHTML(s);
debug(\ balanceHTML: \
s = checkTags(s);
debug(\ checkTags: \
s = processRemoveBlanks(s);
debug(\
s = validateEntities(s);
debug(\ validateEntites: \
debug(\ return s; }
public boolean isAlwaysMakeTags(){ return alwaysMakeTags;
}
public boolean isStripComments(){ return stripComment; }
private String escapeComments(final String s) { final Matcher m = P_COMMENTS.matcher(s); final StringBuffer buf = new StringBuffer(); if (m.find()) {
final String match = m.group(1); //(.*?)
m.appendReplacement(buf, \ }
m.appendTail(buf);
return buf.toString(); }
private String balanceHTML(String s) { if (alwaysMakeTags) { //
// try and form html //
s = regexReplace(P_END_ARROW, \
s = regexReplace(P_BODY_TO_END, \ s = regexReplace(P_XML_CONTENT, \
} else { //
// escape stray brackets //
s = regexReplace(P_STRAY_LEFT_ARROW, \
s = regexReplace(P_STRAY_RIGHT_ARROW, \
//
// the last regexp causes '<>' entities to appear
// (we need to do a lookahead assertion so that the last bracket can // be used in the next pass of the regexp) //
s = regexReplace(P_BOTH_ARROWS, \ }
return s; }
