Liferay 7.0-ce-b4

com.liferay.portal.util
Class HtmlImpl

java.lang.Object
  extended by com.liferay.portal.util.HtmlImpl
All Implemented Interfaces:
Html

public class HtmlImpl
extends Object
implements Html

Provides the implementation of the HTML utility interface for escaping, rendering, replacing, and stripping HTML text. This class uses XSS recommendations from http://www.owasp.org/index.php/Cross_Site_Scripting#How_to_Protect_Yourself when escaping HTML text.


Field Summary
static int ESCAPE_MODE_ATTRIBUTE
           
static int ESCAPE_MODE_CSS
           
static int ESCAPE_MODE_JS
           
static int ESCAPE_MODE_TEXT
           
static int ESCAPE_MODE_URL
           
 
Constructor Summary
HtmlImpl()
           
 
Method Summary
 String buildData(Map<String,Object> data)
          Generates a string with the data-* attributes generated from the keys and values of a map.
 String escape(String text)
          Escapes the text so that it is safe to use in an HTML context.
 String escape(String text, int mode)
          Escapes the input text as a hexadecimal value, based on the mode (type).
 String escapeAttribute(String attribute)
          Escapes the attribute value so that it is safe to use as an attribute value.
 String escapeCSS(String css)
          Escapes the CSS value so that it is safe to use in a CSS context.
 String escapeHREF(String href)
          Escapes the HREF attribute so that it is safe to use as an HREF attribute.
 String escapeJS(String js)
          Escapes the JavaScript value so that it is safe to use in a JavaScript context.
 String escapeJSLink(String link)
           
 String escapeURL(String url)
          Escapes the URL value so that it is safe to use as a URL.
 String escapeXPath(String xPath)
           
 String escapeXPathAttribute(String xPathAttribute)
           
 String extractText(String html)
          Extracts the raw text from the HTML input, compressing its whitespace and removing all attributes, scripts, and styles.
 String fromInputSafe(String text)
           
 String getAUICompatibleId(String text)
           
protected  boolean isTag(char[] tag, String text, int pos)
           
 String render(String html)
          Renders the HTML content into text.
 String replaceMsWordCharacters(String text)
          Deprecated. As of 7.0.0, with no direct replacement
 String replaceNewLine(String html)
          Replaces all new lines or carriage returns with the
HTML tag.
 String stripBetween(String text, String tag)
          Strips all content delimited by the tag out of the text.
 String stripComments(String text)
          Strips all XML comments out of the text.
 String stripHtml(String text)
           
protected  int stripTag(char[] tag, String text, int pos)
           
 String toInputSafe(String text)
          Encodes the text so that it's safe to use as an HTML input field value.
 String unescape(String text)
           
 String unescapeCDATA(String text)
           
 String wordBreak(String text, int columns)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ESCAPE_MODE_ATTRIBUTE

public static final int ESCAPE_MODE_ATTRIBUTE
See Also:
Constant Field Values

ESCAPE_MODE_CSS

public static final int ESCAPE_MODE_CSS
See Also:
Constant Field Values

ESCAPE_MODE_JS

public static final int ESCAPE_MODE_JS
See Also:
Constant Field Values

ESCAPE_MODE_TEXT

public static final int ESCAPE_MODE_TEXT
See Also:
Constant Field Values

ESCAPE_MODE_URL

public static final int ESCAPE_MODE_URL
See Also:
Constant Field Values
Constructor Detail

HtmlImpl

public HtmlImpl()
Method Detail

buildData

public String buildData(Map<String,Object> data)
Generates a string with the data-* attributes generated from the keys and values of a map. For example, a map containing {key1=value1;key2=value2} is returned as the string data-key1=value1 data-key2=value2.

Specified by:
buildData in interface Html
Parameters:
data - the map of values to convert to data-* attributes
Returns:
a string with the data attributes, or null if the map is null

escape

public String escape(String text)
Escapes the text so that it is safe to use in an HTML context.

Specified by:
escape in interface Html
Parameters:
text - the text to escape
Returns:
the escaped HTML text, or null if the text is null

escape

public String escape(String text,
                     int mode)
Escapes the input text as a hexadecimal value, based on the mode (type). The encoding types include: ESCAPE_MODE_ATTRIBUTE, ESCAPE_MODE_CSS, ESCAPE_MODE_JS, ESCAPE_MODE_TEXT, and ESCAPE_MODE_URL.

Note that escape(text, ESCAPE_MODE_TEXT) returns the same as escape(text).

Specified by:
escape in interface Html
Parameters:
text - the text to escape
mode - the encoding type
Returns:
the escaped hexadecimal value of the input text, based on the mode, or null if the text is null

escapeAttribute

public String escapeAttribute(String attribute)
Escapes the attribute value so that it is safe to use as an attribute value.

Specified by:
escapeAttribute in interface Html
Parameters:
attribute - the attribute to escape
Returns:
the escaped attribute value, or null if the attribute value is null

escapeCSS

public String escapeCSS(String css)
Escapes the CSS value so that it is safe to use in a CSS context.

Specified by:
escapeCSS in interface Html
Parameters:
css - the CSS value to escape
Returns:
the escaped CSS value, or null if the CSS value is null

escapeHREF

public String escapeHREF(String href)
Escapes the HREF attribute so that it is safe to use as an HREF attribute.

Specified by:
escapeHREF in interface Html
Parameters:
href - the HREF attribute to escape
Returns:
the escaped HREF attribute, or null if the HREF attribute is null

escapeJS

public String escapeJS(String js)
Escapes the JavaScript value so that it is safe to use in a JavaScript context.

Specified by:
escapeJS in interface Html
Parameters:
js - the JavaScript value to escape
Returns:
the escaped JavaScript value, or null if the JavaScript value is null

escapeJSLink

public String escapeJSLink(String link)
Specified by:
escapeJSLink in interface Html

escapeURL

public String escapeURL(String url)
Escapes the URL value so that it is safe to use as a URL.

Specified by:
escapeURL in interface Html
Parameters:
url - the URL value to escape
Returns:
the escaped URL value, or null if the URL value is null

escapeXPath

public String escapeXPath(String xPath)
Specified by:
escapeXPath in interface Html

escapeXPathAttribute

public String escapeXPathAttribute(String xPathAttribute)
Specified by:
escapeXPathAttribute in interface Html

extractText

public String extractText(String html)
Extracts the raw text from the HTML input, compressing its whitespace and removing all attributes, scripts, and styles.

For example, raw text returned by this method can be stored in a search index.

Specified by:
extractText in interface Html
Parameters:
html - the HTML text
Returns:
the raw text from the HTML input, or null if the HTML input is null

fromInputSafe

public String fromInputSafe(String text)
Specified by:
fromInputSafe in interface Html

getAUICompatibleId

public String getAUICompatibleId(String text)
Specified by:
getAUICompatibleId in interface Html

render

public String render(String html)
Renders the HTML content into text. This provides a human readable version of the content that is modeled on the way Mozilla Thunderbird® and other email clients provide an automatic conversion of HTML content to text in their alternative MIME encoding of emails.

Using the default settings, the output complies with the Text/Plain; Format=Flowed (DelSp=No) protocol described in RFC-3676.

Specified by:
render in interface Html
Parameters:
html - the HTML text
Returns:
the rendered HTML text, or null if the HTML text is null

replaceMsWordCharacters

@Deprecated
public String replaceMsWordCharacters(String text)
Deprecated. As of 7.0.0, with no direct replacement

Replaces all Microsoft® Word Unicode characters with plain HTML entities or characters.

Specified by:
replaceMsWordCharacters in interface Html
Parameters:
text - the text
Returns:
the converted text, or null if the text is null

replaceNewLine

public String replaceNewLine(String html)
Replaces all new lines or carriage returns with the
HTML tag.

Specified by:
replaceNewLine in interface Html
Parameters:
html - the text
Returns:
the converted text, or null if the text is null

stripBetween

public String stripBetween(String text,
                           String tag)
Strips all content delimited by the tag out of the text.

If the tag appears multiple times, all occurrences (including the tag) are stripped. The tag may have attributes. In order for this method to recognize the tag, it must consist of a separate opening and closing tag. Self-closing tags remain in the result.

Specified by:
stripBetween in interface Html
Parameters:
text - the text
tag - the tag used for delimiting, which should only be the tag's name (e.g. no <)
Returns:
the text, without the stripped tag and its contents, or null if the text is null

stripComments

public String stripComments(String text)
Strips all XML comments out of the text.

Specified by:
stripComments in interface Html
Parameters:
text - the text
Returns:
the text, without the stripped XML comments, or null if the text is null

stripHtml

public String stripHtml(String text)
Specified by:
stripHtml in interface Html

toInputSafe

public String toInputSafe(String text)
Encodes the text so that it's safe to use as an HTML input field value.

For example, the & character is replaced by &amp;.

Specified by:
toInputSafe in interface Html
Parameters:
text - the text
Returns:
the encoded text that is safe to use as an HTML input field value, or null if the text is null

unescape

public String unescape(String text)
Specified by:
unescape in interface Html

unescapeCDATA

public String unescapeCDATA(String text)
Specified by:
unescapeCDATA in interface Html

wordBreak

public String wordBreak(String text,
                        int columns)
Specified by:
wordBreak in interface Html

isTag

protected boolean isTag(char[] tag,
                        String text,
                        int pos)

stripTag

protected int stripTag(char[] tag,
                       String text,
                       int pos)

Liferay 7.0-ce-b4