home | career | drupal | java | mac | mysql | perl | scala | uml | unix  

What this is

This file is included in the DevDaily.com "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example" TM.

Other links

The source code

/*
 * $Header: /cvsroot/mvnforum/myvietnam/src/net/myvietnam/mvncore/filter/URLFilter.java,v 1.11 2005/01/26 06:53:13 minhnn Exp $
 * $Author: minhnn $
 * $Revision: 1.11 $
 * $Date: 2005/01/26 06:53:13 $
 *
 * ====================================================================
 *
 * Copyright (C) 2002-2005 by MyVietnam.net
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or any later version.
 *
 * All copyright notices regarding MyVietnam and MyVietnam CoreLib
 * MUST remain intact in the scripts and source code.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 * Correspondence and Marketing Questions can be sent to:
 * info@MyVietnam.net
 *
 * @author: Anatol Pomozov (aka wassup) anatol.pomozov@pms-software.com
 */
package net.myvietnam.mvncore.filter;

import net.myvietnam.mvncore.MVNCoreConfig;
import net.myvietnam.mvncore.security.Encoder;

public final class URLFilter {

    static final boolean OPEN_NEW_WINDOW = true;

    private URLFilter() { //prevent instantiation
    }

    /**
     * NOTE: For security, we should call DisableHtmlTagFilter before call this method
     * @param input the string to filter
     * @return the string after being filtered
     */
    public static String filter(String input) {
        if (input == null || input.length() == 0)
            return input;
        StringBuffer buf = new StringBuffer(input.length() + 25);
        char chars[] = input.toCharArray();
        int len = input.length();
        int index = -1;
        int i = 0;
        int j = 0;
        int oldend = 0;
        while (++index < len) {
            char cur = chars[i = index];
            j = -1;
            if ((cur == 'f' && index < len - 6 && chars[++i] == 't' && chars[++i] == 'p' ||
                 cur == 'h' && (i = index) < len - 7 && chars[++i] == 't' && chars[++i] == 't' && chars[++i] == 'p' && (chars[++i] == 's' || chars[--i] == 'p'))
                 && i < len - 4 && chars[++i] == ':' && chars[++i] == '/' && chars[++i] == '/')
                j = ++i;
            if (j > 0) {// check to process http:// or https:// or ftp://
                if (index == 0 || (cur = chars[index - 1]) != '\'' && cur != '"' && cur != '<' && cur != '=') {
                    cur = chars[j];
                    while (j < len) {
                        if (cur == ' ' || cur == '\t' || cur == '\'' ||
                            cur == '"' || cur == '<' || cur == '[' ||
                            cur == '\n' ||
                            cur == '\r' && j < len - 1 && chars[j + 1] == '\n')
                            break;
                        if (++j < len)
                            cur = chars[j];
                    }
                    cur = chars[j - 1];
                    if (cur == '.' || cur == ',' || cur == ')' || cur == ']')
                        j--;
                    buf.append(chars, oldend, index - oldend);
                    buf.append("<a href=\"");
                    String href = input.substring(index, j).trim();
                    //buf.append(chars, index, j - index);
                    buf.append(Encoder.filterUrl(href));
                    buf.append('"');
                    if (OPEN_NEW_WINDOW) {
                        buf.append(" target=\"_blank\"");
                    }
                    if (MVNCoreConfig.getEnableLinkNofollow()) {
                        buf.append(" rel=\"nofollow\"");
                    }
                    buf.append('>');
                    //buf.append(chars, index, j - index);
                    buf.append(href);// should we filter it ???
                    buf.append("</a>");
                } else {
                    buf.append(chars, oldend, j - oldend);
                }
                oldend = index = j;
            } else
            if (cur == '[' && index < len - 6 && chars[i = index + 1] == 'u' && chars[++i] == 'r' && chars[++i] == 'l' &&
                (chars[++i] == '=' || chars[i] == ' ')) {
                // process [url]
                j = ++i;
                int u2;
                int u1 = u2 = input.indexOf("]", j);
                if (u1 > 0) {
                    u2 = input.indexOf("[/url]", u1 + 1);
                }
                if (u2 < 0) {
                    buf.append(chars, oldend, j - oldend);
                    oldend = j;
                } else {
                    buf.append(chars, oldend, index - oldend);
                    buf.append("<a href=\"");
                    String href = input.substring(j, u1).trim();
                    // Add http:// to the front of links if and only if it doesn't have any protocols.
                    // Doing this handles this: "[url=sun.com]SUN[/url]"
                    // Changing it to <a href="http://sun.com">SUN
                    // instead of <a href="http://localhost:8080/mvnforum/sun.com">SUN
                    if ( (href.indexOf("://") == -1) && (href.startsWith("mailto:") == false) ) {
                        href = "http://" + href;
                    }
                    if (href.indexOf("javascript:") == -1 && href.indexOf("file:") == -1) {
                        buf.append(Encoder.filterUrl(href));
                    }
                    if (OPEN_NEW_WINDOW) {
                        buf.append("\" target=\"_blank");
                    }
                    if (MVNCoreConfig.getEnableLinkNofollow()) {
                        buf.append(" rel=\"nofollow\"");
                    }
                    buf.append("\">");
                    buf.append(input.substring(u1 + 1, u2).trim());
                    buf.append("</a>");
                    oldend = u2 + 6; // 6 == length of [/url]
                }
                index = oldend - 1;// set to the last char of the tag, that is ']'
            } else
            if (cur == '[' && index < len - 6 && chars[i = index + 1] == 'i' && chars[++i] == 'm' && chars[++i] == 'g' && chars[++i] == ']' ) {
                //process [img]
                j = ++i;
                int u1 = j-1;
                int u2 = input.indexOf("[/img]", u1 + 1);
                if (u2 < 0) {
                    buf.append(chars, oldend, j - oldend);
                    oldend = j;
                } else {
                    buf.append(chars, oldend, index - oldend);
                    buf.append("<img src=\"");
                    String href = input.substring(u1 + 1, u2).trim();
                    // Add http:// to the front of links if and only if it doesn't have any protocols.
                    // Doing this handles this: "[url=sun.com]SUN[/url]"
                    // Changing it to <a href="http://sun.com">SUN
                    // instead of <a href="http://localhost:8080/mvnforum/sun.com">SUN
                    if (href.indexOf("://") == -1) {
                        href = "http://" + href;
                    }
                    if (href.indexOf("javascript:") == -1 && href.indexOf("file:") == -1) {
                        buf.append(Encoder.filterUrl(href));
                    }
                    buf.append("\" border=\"0\">");
                    oldend = u2 + 6; // 6 == length of [/img]
                }
                index = oldend -1;// set to the last char of the tag, that is ']'
            }
        }
        if (oldend < len)
            buf.append(chars, oldend, len - oldend);
        return buf.toString();
    }
/*
    public static void main(String[] args) {
        //encodePath("localhost:8080/path/index.jsp");
        String[] input = {
            "[url=mailto:minhnn@myvietnam.net]Minh[/url][img]http://localhost:8080/mvnforum/mvnplugin/mvnforum/images/logo.gif[/img]",
            "-dfadg=[img] \" onmousemove=\"alert(1); [/img]",
            "(= http://a\"onmouseover='alert(1);')",
            "[url=http://sun.com]SUN[/url] http://sun.com",
            "[url sun.com]SUN[/url]", //What to do if no http???
            "[url=javascript:alert(1);]SUN[/url]",
            "[url=\" onmousemove=\"alert(1);]Hack[/url]",
            "[url=\" onmousemove='alert(1);']Hack[/url]"//somebody wants to hack us
        };

        //URLFilter enableMVNCodeFilter = new URLFilter();
        long start = System.currentTimeMillis();

        for (int i = 0; i < input.length; i++) {
            System.out.println("input = '" + input[i] + "' length = " + input[i].length());

            String output = null;
            for (int j = 0; j < 1; j++) {
                output = URLFilter.filter(input[i]);
            }

            System.out.println("output= '" + output + "'");
        }

        long time = System.currentTimeMillis() - start;
        System.out.println("total time = " + time);
    }
 */
    /*
    public static String enableImg(String input) {
        String output = input;
        try {
            RE exp = new RE("(.*)\\[img\\](.*)\\[\\/img\\](.*)");
            boolean matched = exp.match(input);
            if (matched) {
                String front = new String();
                String back = new String();
                String matchedPattern = new String();

                front = exp.getParen(1);
                matchedPattern = exp.getParen(2);
                matchedPattern = "<img src=\"" + matchedPattern + "\" border=0 >";
                back = exp.getParen(3);

                output = front + matchedPattern + back;

                //log.info("image path is: " + output);
            }
        } catch (RESyntaxException e) {
            //log.info(e.getMessage());
        }
        return output;
    }*/

    /*
    public static void main1(String[] args) {
        URLFilter enableMVNCodeFilter = new URLFilter();
        long start = System.currentTimeMillis();

        String input = "[img]http://loclahost/test[/img] [img]http://[/img]";
        System.out.println("input = '" + input + "' length = " + input.length());

        String output = null;
        for (int j = 0; j < 1; j++) {
            output = enableMVNCodeFilter.enableImg(input);
        }

        System.out.println("output= '" + output + "'");

        long time = System.currentTimeMillis() - start;
        System.out.println("total time = " + time);
    }
    */
}


my book on functional programming

 

new blog posts

 

Copyright 1998-2019 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.