package com.ws.bbcode.util;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import java.util.Vector;
import org.htmlparser.Attribute;
import org.htmlparser.Node;
import org.htmlparser.Tag;
import org.htmlparser.lexer.Lexer;
import org.htmlparser.nodes.TextNode;
import com.ws.bbcode.configuration.BBCodeConfig;
import com.ws.bbcode.exception.BBCodeException;
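/**
 * Allow-list based HTML sanitizer for user supplied post contents.
 * <p>
 * Tags, attributes and URL schemes are only accepted when they appear in the
 * comma-separated lists read from {@link BBCodeConfig} at class-load time;
 * everything else is either dropped (attributes) or escaped so that it renders
 * as literal text (tags, text nodes). Comparisons are case-insensitive and
 * use {@link Locale#ENGLISH}, so the result does not depend on the default
 * locale of the JVM.
 * <p>
 * Instances hold no state; the configured allow-lists are shared and
 * read-only after static initialisation.
 */
public class SafeHtml {
    /** Upper-cased tag names that may survive {@link #makeSafe(String)}. */
    private static Set welcomeTags;
    /** Upper-cased attribute names that may stay on a welcome tag. */
    private static Set welcomeAttributes;
    /** Upper-cased URL prefixes (as configured, e.g. a scheme) that href/src values may start with. */
    private static Set allowedProtocols;

    static {
        welcomeTags = new HashSet();
        welcomeAttributes = new HashSet();
        allowedProtocols = new HashSet();
        splitAndTrim(BBCodeConfig.getHTML_TAGS_WELCOME(), welcomeTags);
        splitAndTrim(BBCodeConfig.getHTML_ATTRIBUTES_WELCOME(), welcomeAttributes);
        splitAndTrim(BBCodeConfig.getHTML_LINKS_ALLOW_PROTOCOLS(), allowedProtocols);
    }

    /**
     * Splits a comma-separated configuration value, upper-cases it and adds
     * every trimmed, non-empty entry to {@code data}.
     *
     * @param s    the raw configuration value; {@code null} leaves {@code data} untouched
     * @param data the set receiving the upper-cased entries
     */
    private static void splitAndTrim(String s, Set data) {
        if (s == null) {
            return;
        }
        // Explicit locale: with a Turkish default locale "i" does not upper-case to "I",
        // which would silently make configured names stop matching.
        String[] entries = s.toUpperCase(Locale.ENGLISH).split(",");
        for (int i = 0; i < entries.length; i++) {
            String entry = entries[i].trim();
            if (entry.length() > 0) {
                data.add(entry);
            }
        }
    }

    /**
     * Given an input, analyze each HTML tag and remove unsecure attributes from them.
     * Tags themselves are kept regardless of the welcome list; only the attribute
     * safety checks of {@link #isAttributeSafe(String, String)} are applied.
     *
     * @param contents the content to verify; {@code null} or empty is returned unchanged
     * @return the content, secure
     * @throws BBCodeException if the HTML lexer fails on the input
     */
    public String ensureAllAttributesAreSafe(String contents) {
        if (contents == null || contents.length() == 0) {
            return contents;
        }
        StringBuffer sb = new StringBuffer(contents.length());
        try {
            Lexer lexer = new Lexer(contents);
            Node node;
            while ((node = lexer.nextNode()) != null) {
                if (node instanceof Tag) {
                    Tag tag = (Tag) node;
                    this.checkAndValidateAttributes(tag, false);
                    sb.append(tag.toHtml());
                } else {
                    sb.append(node.toHtml());
                }
            }
        } catch (Exception e) {
            throw new BBCodeException("Problems while parsing HTML: " + e, e);
        }
        return sb.toString();
    }

    /**
     * Given an input, makes it safe for HTML displaying.
     * Removes any not allowed HTML tag or attribute, as well
     * unwanted Javascript statements inside the tags.
     * <ul>
     * <li>text nodes get {@code <}, {@code >} and {@code "} escaped as entities;</li>
     * <li>welcome tags are kept with their attributes filtered;</li>
     * <li>any other node (unknown tag, comment, ...) has {@code <} and {@code >}
     *     escaped so that it is displayed literally instead of being interpreted.</li>
     * </ul>
     *
     * @param contents the input to analyze; {@code null} or empty is returned unchanged
     * @return the modified and safe string
     * @throws BBCodeException if the HTML lexer fails on the input
     */
    public String makeSafe(String contents) {
        if (contents == null || contents.length() == 0) {
            return contents;
        }
        StringBuffer sb = new StringBuffer(contents.length());
        try {
            Lexer lexer = new Lexer(contents);
            Node node;
            while ((node = lexer.nextNode()) != null) {
                if (node instanceof TextNode) {
                    sb.append(escapeText(node.toHtml()));
                } else if (node instanceof Tag && this.isTagWelcome((Tag) node)) {
                    sb.append(node.toHtml());
                } else {
                    sb.append(escapeAngleBrackets(node.toHtml()));
                }
            }
        } catch (Exception e) {
            throw new BBCodeException("Error while parsing HTML: " + e, e);
        }
        return sb.toString();
    }

    /**
     * Escapes the characters that could turn raw text into markup or break out of
     * an attribute value: {@code <}, {@code >} and {@code "}. Ampersands are left
     * alone on purpose so that entities already present in the text keep working.
     *
     * @param text the raw text of a text node
     * @return the escaped text (the same instance when nothing needed escaping)
     */
    private static String escapeText(String text) {
        if (text.indexOf('<') == -1 && text.indexOf('>') == -1 && text.indexOf('"') == -1) {
            return text;
        }
        StringBuffer tmp = new StringBuffer(text);
        BBCodeUtil.replaceAll(tmp, "<", "&lt;");
        BBCodeUtil.replaceAll(tmp, ">", "&gt;");
        BBCodeUtil.replaceAll(tmp, "\"", "&quot;");
        return tmp.toString();
    }

    /**
     * Escapes only {@code <} and {@code >}, which is enough to make a rejected
     * tag render as literal text.
     *
     * @param html the HTML of a node that must not be interpreted
     * @return the neutralised markup
     */
    private static String escapeAngleBrackets(String html) {
        StringBuffer tmp = new StringBuffer(html);
        BBCodeUtil.replaceAll(tmp, "<", "&lt;");
        BBCodeUtil.replaceAll(tmp, ">", "&gt;");
        return tmp.toString();
    }

    /**
     * Returns true if a given tag is allowed.
     * Also, it checks and removes any unwanted attribute the tag may contain.
     *
     * @param tag the tag to analyze
     * @return true if it is a valid tag
     */
    private boolean isTagWelcome(Tag tag) {
        if (!welcomeTags.contains(tag.getTagName())) {
            return false;
        }
        this.checkAndValidateAttributes(tag, true);
        return true;
    }

    /**
     * Given a tag, check its attributes, removing those unwanted or not secure.
     *
     * @param tag                       the tag to analyze; its attribute list is replaced in place
     * @param checkIfAttributeIsWelcome true if the attribute name should be matched
     *                                  against the list of welcome attributes, set in the
     *                                  main configuration file
     */
    private void checkAndValidateAttributes(Tag tag, boolean checkIfAttributeIsWelcome) {
        Vector kept = new Vector();
        for (Iterator iter = tag.getAttributesEx().iterator(); iter.hasNext(); ) {
            Attribute a = (Attribute) iter.next();
            String name = a.getName();
            // NOTE(review): htmlparser appears to carry the tag name itself and the
            // whitespace between attributes as nameless / valueless entries of this
            // list; they hold nothing that could be abused and filtering them would
            // corrupt the tag, so they are kept verbatim.
            if (name == null || a.getValue() == null) {
                kept.add(a);
                continue;
            }
            name = name.toUpperCase(Locale.ENGLISH);
            String value = a.getValue().toLowerCase(Locale.ENGLISH);
            if (checkIfAttributeIsWelcome && !this.isAttributeWelcome(name)) {
                continue; // dropped: not in the configured allow-list
            }
            if (!this.isAttributeSafe(name, value)) {
                continue; // dropped: event handler, disallowed URL, control characters, ...
            }
            // Numeric character references are neutralised so the browser cannot decode
            // e.g. "&#106;avascript:" back into a scheme after the scheme check passed.
            if (a.getValue().indexOf("&#") > -1) {
                a.setValue(a.getValue().replaceAll("&#", "&amp;#"));
            }
            kept.add(a);
        }
        tag.setAttributesEx(kept);
    }

    /**
     * Check if the given attribute name is in the list of allowed attributes.
     *
     * @param name the attribute name, already upper-cased
     * @return true if it is an allowed attribute name
     */
    private boolean isAttributeWelcome(String name) {
        return welcomeAttributes.contains(name);
    }

    /**
     * Check if the attribute is safe, checking either its name and value.
     * Rejects event-handler attributes ({@code on*}), values containing line
     * breaks or NUL, {@code href}/{@code src} values that are not on the allowed
     * protocol list (see {@link #isHrefValid(String)}) and {@code style} values
     * containing a parenthesis.
     *
     * @param name  the attribute name, already upper-cased
     * @param value the attribute value, already lower-cased
     * @return true if it is a safe attribute
     */
    private boolean isAttributeSafe(String name, String value) {
        // Every attribute starting with "on" is an event handler (onclick, onload, ...)
        if (name.length() >= 2 && name.charAt(0) == 'O' && name.charAt(1) == 'N') {
            return false;
        }
        if (value.indexOf('\n') > -1 || value.indexOf('\r') > -1 || value.indexOf('\0') > -1) {
            return false;
        }
        if ("HREF".equals(name) || "SRC".equals(name)) {
            if (!this.isHrefValid(value)) {
                return false;
            }
        } else if ("STYLE".equals(name)) {
            // It is much more a try to not allow constructions
            // like style="background-color: url(javascript:xxxx)" than anything else
            if (value.indexOf('(') > -1) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks if a given address is valid: either a relative link (when enabled
     * in the configuration) or a link starting with one of the allowed protocols.
     *
     * @param href the address to check, already lower-cased
     * @return true if it is valid
     */
    private boolean isHrefValid(String href) {
        // A leading '/' also admits protocol-relative "//host/..." links when
        // relative links are enabled.
        if (BBCodeConfig.isHTML_LINKS_ALLOW_RELATIVE()
                && href.length() > 0
                && href.charAt(0) == '/') {
            return true;
        }
        for (Iterator iter = allowedProtocols.iterator(); iter.hasNext(); ) {
            String protocol = iter.next().toString().toLowerCase(Locale.ENGLISH);
            if (href.startsWith(protocol)) {
                return true;
            }
        }
        return false;
    }
}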
BBCode模板源码(抽取jforum2.1.8 BBCode 界面及源码)