|
Liferay 7.0-ce-b4 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectcom.liferay.portal.util.HtmlImpl
public class HtmlImpl
Provides the implementation of the HTML utility interface for escaping, rendering, replacing, and stripping HTML text. This class uses XSS recommendations from http://www.owasp.org/index.php/Cross_Site_Scripting#How_to_Protect_Yourself when escaping HTML text.
| Field Summary | |
|---|---|
static int |
ESCAPE_MODE_ATTRIBUTE
|
static int |
ESCAPE_MODE_CSS
|
static int |
ESCAPE_MODE_JS
|
static int |
ESCAPE_MODE_TEXT
|
static int |
ESCAPE_MODE_URL
|
| Constructor Summary | |
|---|---|
HtmlImpl()
|
|
| Method Summary | |
|---|---|
String |
buildData(Map<String,Object> data)
Generates a string with the data-* attributes generated from the keys and values of a map. |
String |
escape(String text)
Escapes the text so that it is safe to use in an HTML context. |
String |
escape(String text,
int mode)
Escapes the input text as a hexadecimal value, based on the mode (type). |
String |
escapeAttribute(String attribute)
Escapes the attribute value so that it is safe to use as an attribute value. |
String |
escapeCSS(String css)
Escapes the CSS value so that it is safe to use in a CSS context. |
String |
escapeHREF(String href)
Escapes the HREF attribute so that it is safe to use as an HREF attribute. |
String |
escapeJS(String js)
Escapes the JavaScript value so that it is safe to use in a JavaScript context. |
String |
escapeJSLink(String link)
|
String |
escapeURL(String url)
Escapes the URL value so that it is safe to use as a URL. |
String |
escapeXPath(String xPath)
|
String |
escapeXPathAttribute(String xPathAttribute)
|
String |
extractText(String html)
Extracts the raw text from the HTML input, compressing its whitespace and removing all attributes, scripts, and styles. |
String |
fromInputSafe(String text)
|
String |
getAUICompatibleId(String text)
|
protected boolean |
isTag(char[] tag,
String text,
int pos)
|
String |
render(String html)
Renders the HTML content into text. |
String |
replaceMsWordCharacters(String text)
Deprecated. As of 7.0.0, with no direct replacement |
String |
replaceNewLine(String html)
Replaces all new lines or carriage returns with the
HTML tag. |
String |
stripBetween(String text,
String tag)
Strips all content delimited by the tag out of the text. |
String |
stripComments(String text)
Strips all XML comments out of the text. |
String |
stripHtml(String text)
|
protected int |
stripTag(char[] tag,
String text,
int pos)
|
String |
toInputSafe(String text)
Encodes the text so that it's safe to use as an HTML input field value. |
String |
unescape(String text)
|
String |
unescapeCDATA(String text)
|
String |
wordBreak(String text,
int columns)
|
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final int ESCAPE_MODE_ATTRIBUTE
public static final int ESCAPE_MODE_CSS
public static final int ESCAPE_MODE_JS
public static final int ESCAPE_MODE_TEXT
public static final int ESCAPE_MODE_URL
| Constructor Detail |
|---|
public HtmlImpl()
| Method Detail |
|---|
public String buildData(Map<String,Object> data)
{key1=value1;key2=value2} is returned as the string
data-key1=value1 data-key2=value2.
buildData in interface Htmldata - the map of values to convert to data-* attributes
null if the
map is nullpublic String escape(String text)
escape in interface Htmltext - the text to escape
null if the text is
null
public String escape(String text,
int mode)
ESCAPE_MODE_ATTRIBUTE, ESCAPE_MODE_CSS, ESCAPE_MODE_JS, ESCAPE_MODE_TEXT,
and ESCAPE_MODE_URL.
Note that escape(text, ESCAPE_MODE_TEXT) returns the same as
escape(text).
escape in interface Htmltext - the text to escapemode - the encoding type
null if the text is nullpublic String escapeAttribute(String attribute)
escapeAttribute in interface Htmlattribute - the attribute to escape
null if the
attribute value is nullpublic String escapeCSS(String css)
escapeCSS in interface Htmlcss - the CSS value to escape
null if the CSS value is
nullpublic String escapeHREF(String href)
escapeHREF in interface Htmlhref - the HREF attribute to escape
null if the HREF
attribute is nullpublic String escapeJS(String js)
escapeJS in interface Htmljs - the JavaScript value to escape
null if the
JavaScript value is nullpublic String escapeJSLink(String link)
escapeJSLink in interface Htmlpublic String escapeURL(String url)
escapeURL in interface Htmlurl - the URL value to escape
null if the URL value is
nullpublic String escapeXPath(String xPath)
escapeXPath in interface Htmlpublic String escapeXPathAttribute(String xPathAttribute)
escapeXPathAttribute in interface Htmlpublic String extractText(String html)
For example, raw text returned by this method can be stored in a search index.
extractText in interface Htmlhtml - the HTML text
null if the
HTML input is nullpublic String fromInputSafe(String text)
fromInputSafe in interface Htmlpublic String getAUICompatibleId(String text)
getAUICompatibleId in interface Htmlpublic String render(String html)
Using the default settings, the output complies with the
Text/Plain; Format=Flowed (DelSp=No) protocol described in
RFC-3676.
render in interface Htmlhtml - the HTML text
null if the HTML text is
null@Deprecated public String replaceMsWordCharacters(String text)
replaceMsWordCharacters in interface Htmltext - the text
null if the text is
nullpublic String replaceNewLine(String html)
HTML tag.
replaceNewLine in interface Htmlhtml - the text
null if the text is
null
public String stripBetween(String text,
String tag)
If the tag appears multiple times, all occurrences (including the tag) are stripped. The tag may have attributes. In order for this method to recognize the tag, it must consist of a separate opening and closing tag. Self-closing tags remain in the result.
stripBetween in interface Htmltext - the texttag - the tag used for delimiting, which should only be the tag's
name (e.g. no <)
null if the text is nullpublic String stripComments(String text)
stripComments in interface Htmltext - the text
null
if the text is nullpublic String stripHtml(String text)
stripHtml in interface Htmlpublic String toInputSafe(String text)
For example, the & character is replaced by
&.
toInputSafe in interface Htmltext - the text
null if the text is nullpublic String unescape(String text)
unescape in interface Htmlpublic String unescapeCDATA(String text)
unescapeCDATA in interface Html
public String wordBreak(String text,
int columns)
wordBreak in interface Html
protected boolean isTag(char[] tag,
String text,
int pos)
protected int stripTag(char[] tag,
String text,
int pos)
|
Liferay 7.0-ce-b4 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||