public class HTML
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static class |
HTML.Entity |
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
BLOCK_NODE_FOR_ENTER |
static java.lang.String |
BLOCK_NODE_FOR_ENTER_DEFAULT |
static MXLogger |
MAXIMOLOGGER |
static java.lang.String |
RICH_TEXT_MARKER
Marker indicating that the value already contains rich text.
|
Modifier and Type | Method and Description |
---|---|
static java.lang.String |
cleanHtml(java.lang.String html,
boolean escapeCDATA)
Escapes values and removes script, object, and embed tags, and removes script from attributes.
|
static java.lang.String |
cleanHtml(java.lang.String html,
boolean escapeForJavascript,
boolean escapeCDATA) |
static java.lang.String |
cleanHtml(java.lang.String html,
boolean escapeForJavascript,
boolean escapeForHTML,
boolean escapeCDATA) |
static java.lang.String |
cleanText(java.lang.String text)
Cleans up plain text by adding line breaks and escaping characters for JavaScript.
|
static java.lang.String |
cleanText(java.lang.String text,
boolean escapeForJavascript) |
static java.lang.String |
cleanValue(java.lang.String value,
boolean escapeForJavascript,
boolean escapeCDATA) |
static java.lang.String |
cleanValue(java.lang.String value,
boolean escapeForJavascript,
boolean escapeForHTML,
boolean escapeCDATA)
If the value is HTML, removes all JavaScript and embedded objects; if it is text, converts it to HTML.
|
static boolean |
containsHtmlBreakTags(java.lang.String message) |
static java.lang.String |
decode(java.lang.String value) |
static java.lang.String |
encode(java.lang.String value)
Encodes the specified value for use in HTML attribute values or text values.
|
static java.lang.String |
encode(java.lang.String value,
java.lang.String[] allowedHTMLTags)
Encodes the specified value for use in HTML attribute values or text values.
|
static java.lang.String |
encodeTolerant(java.lang.String value)
Encodes the specified value for HTML but allows a basic set of formatting tags.
|
static boolean |
isHtml(java.lang.String value)
Determine if the given string is html
|
static java.lang.String |
replaceNewLineWithBR(java.lang.String message) |
static java.lang.String |
richTextSanitize(java.lang.String value)
Sanitize the value to remove malicious content based on the value of the
webclient.richtext.sanitize property.
|
static java.lang.String |
sanitize(java.lang.String value)
Sanitize the value to remove malicious content.
|
static java.lang.String |
securitySafeWithHTMLEncoding(java.lang.String aText) |
static java.lang.String |
toPlainText(java.lang.String html) |
static java.lang.String |
toPlainText(java.lang.String html,
boolean encodeForHtml) |
static void |
unittestIsHtmlForceAlwaysHtml(boolean value)
For unit test only, do not use in production code
|
static void |
unittestIsHtmlForceAlwaysText(boolean value)
For unit test only, do not use in production code
|
public static final java.lang.String BLOCK_NODE_FOR_ENTER_DEFAULT
public static final java.lang.String BLOCK_NODE_FOR_ENTER
public static final MXLogger MAXIMOLOGGER
public static final java.lang.String RICH_TEXT_MARKER
public static java.lang.String cleanValue(java.lang.String value, boolean escapeForJavascript, boolean escapeCDATA)
public static java.lang.String cleanValue(java.lang.String value, boolean escapeForJavascript, boolean escapeForHTML, boolean escapeCDATA)
escapeForJavascript
- true to escape special characters so the string can be used in javascript
escapeForHTML
- true to encode special characters as character or entity references so the string can be used in an html attribute
escapeCDATA
- true to escape CDATA blocks so that the value can be placed in a CDATA block
public static java.lang.String richTextSanitize(java.lang.String value)
value
- The text to be sanitized.
public static java.lang.String sanitize(java.lang.String value)
value
- The text to be sanitized.
public static java.lang.String encodeTolerant(java.lang.String value)
Use encode(String) to completely encode all tags.
value
- The text to be encoded.
public static java.lang.String encode(java.lang.String value)
value
- The text to be encoded.
public static java.lang.String encode(java.lang.String value, java.lang.String[] allowedHTMLTags)
value
- The text to be encoded.
allowedHTMLTags
- An array of allowed HTML tags. Note that these tags must include the < and > symbols.
public static java.lang.String decode(java.lang.String value)
public static boolean isHtml(java.lang.String value)
value
- the string to evaluate
public static java.lang.String toPlainText(java.lang.String html, boolean encodeForHtml)
public static java.lang.String toPlainText(java.lang.String html)
public static java.lang.String cleanText(java.lang.String text, boolean escapeForJavascript)
public static java.lang.String cleanText(java.lang.String text)
text
- the text to be cleaned up
escapeForJavascript
- True if newlines and quotes should be escaped so the resultant string can be used
as-is in a javascript string.
public static java.lang.String cleanHtml(java.lang.String html, boolean escapeForJavascript, boolean escapeForHTML, boolean escapeCDATA)
public static java.lang.String cleanHtml(java.lang.String html, boolean escapeForJavascript, boolean escapeCDATA)
public static java.lang.String cleanHtml(java.lang.String html, boolean escapeCDATA)
html
- the original html string
public static void unittestIsHtmlForceAlwaysText(boolean value)
public static void unittestIsHtmlForceAlwaysHtml(boolean value)
public static java.lang.String replaceNewLineWithBR(java.lang.String message)
public static java.lang.String securitySafeWithHTMLEncoding(java.lang.String aText)
public static boolean containsHtmlBreakTags(java.lang.String message)