Filter the specified message string for characters that are sensitive in HTML. This avoids potential attacks caused by including JavaScript codes in the request URL that is often reported in error messages. @param message The message string to be filtered @return the filtered version of the messa
(String message)
| 32 | * @return the filtered version of the message |
| 33 | */ |
| 34 | public static String filter(String message) { |
| 35 | |
| 36 | if (message == null) { |
| 37 | return null; |
| 38 | } |
| 39 | |
| 40 | char content[] = new char[message.length()]; |
| 41 | message.getChars(0, message.length(), content, 0); |
| 42 | StringBuilder result = new StringBuilder(content.length + 50); |
| 43 | for (char c : content) { |
| 44 | switch (c) { |
| 45 | case '<': |
| 46 | result.append("<"); |
| 47 | break; |
| 48 | case '>': |
| 49 | result.append(">"); |
| 50 | break; |
| 51 | case '&': |
| 52 | result.append("&"); |
| 53 | break; |
| 54 | case '"': |
| 55 | result.append("""); |
| 56 | break; |
| 57 | default: |
| 58 | result.append(c); |
| 59 | } |
| 60 | } |
| 61 | return result.toString(); |
| 62 | } |
| 63 | |
| 64 | |
| 65 | } |