文本编辑器保存数据时,出于安全考虑,需要过滤掉一些标记,如超链接、js、iframe等等。
package com.test;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* @author WangShanlin
* @version Sep 26, 2011 5:52:02 PM
*/
public class WebWhiteNameFilter {
/** regex flag union representing /si modifiers in PHP **/
private static final int REGEX_FLAGS_SI = Pattern.CASE_INSENSITIVE | Pattern.DOTALL;
private static final Pattern P_COMMENTS = Pattern.compile("",Pattern.DOTALL);
private static final Pattern P_COMMENT = Pattern.compile("^!--(.*)--$",REGEX_FLAGS_SI);
private static final Pattern P_TAGS = Pattern.compile("<(.*?)>",Pattern.DOTALL);
private static final Pattern P_END_TAG = Pattern.compile("^/([a-z0-9]+)",REGEX_FLAGS_SI);
private static final Pattern P_START_TAG = Pattern.compile("^([a-z0-9]+)(.*?)(/?)$", REGEX_FLAGS_SI);
private static final Pattern P_QUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)=([\"'])(.*?)\\2", REGEX_FLAGS_SI);
private static final Pattern P_UNQUOTED_ATTRIBUTES = Pattern.compile("([a-z0-9]+)(=)([^\"\\s']+)", REGEX_FLAGS_SI);
private static final Pattern P_PROTOCOL = Pattern.compile("^([^:]+):",REGEX_FLAGS_SI);
private static final Pattern P_ENTITY = Pattern.compile("(\\d+);?");
private static final Pattern P_ENTITY_UNICODE = Pattern.compile("([0-9a-f]+);?");
private static final Pattern P_ENCODE = Pattern.compile("%([0-9a-f]{2});?");
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
private static final Pattern P_END_ARROW = Pattern.compile("^>");
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_AMP = Pattern.compile("&");
private static final Pattern P_QUOTE = Pattern.compile("\"");
private static final Pattern P_LEFT_ARROW = Pattern.compile("<");
private static final Pattern P_RIGHT_ARROW = Pattern.compile(">");
private static final Pattern P_BOTH_ARROWS = Pattern.compile("<>");
// @xxx could grow large... maybe use sesat's ReferenceMap
private static final ConcurrentMap P_REMOVE_PAIR_BLANKS = new ConcurrentHashMap();
private static final ConcurrentMap P_REMOVE_SELF_BLANKS = new ConcurrentHashMap();
/**
* set of allowed html elements, along with allowed attributes for each
* element
**/
private final Map> vAllowed;
/** counts of open tags for each (allowable) html element **/
private final Map vTagCounts = new HashMap();
/** html elements which must always be self-closing (e.g. "") **/
private final String[] vSelfClosingTags;
/**
* html elements which must always have separate opening and closing tags
* (e.g. "")
**/
private final String[] vNeedClosingTags;
/** set of disallowed html elements **/
private final String[] vDisallowed;
/** attributes which should be checked for valid protocols **/
private final String[] vProtocolAtts;
/** allowed protocols **/
private final String[] vAllowedProtocols;
/**
* tags which should be removed if they contain no content (e.g. ""
* or "")
**/
private final String[] vRemoveBlanks;
/** entities allowed within html markup **/
private final String[] vAllowedEntities;
/** flag determining whether comments are allowed in input String. */
private final boolean stripComment;
private boolean vDebug = false;
/**
*
* flag determining whether to try to make tags when presented with
* "unbalanced"
*
* angle brackets (e.g. "" becomes " text "). If set to
* false,
*
* unbalanced angle brackets will be html escaped.
*/
private final boolean alwaysMakeTags;
private ArrayList empty_atts = new ArrayList();
private static WebWhiteNameFilter filter = new WebWhiteNameFilter();
// for complex attributes like style="color:red;font-style:italic"
private class Attribute {
String attrName;
Map allowedAttrValues;
public Attribute(String attrName) {
this.attrName = attrName;
}
public Attribute(String attrName, Map map) {
this.attrName = attrName;
allowedAttrValues = map;
}
}
public static String filter(String input){
return filter.dofilter(input);
}
/**
* Default constructor.
*/
public WebWhiteNameFilter() {
vAllowed = new HashMap>();
{
/*
*
* font : ['color', 'size', 'face', '.background-color']
*/
final ArrayList font_atts = new ArrayList();
Map font_style = new HashMap();
font_style.put("background-color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
font_atts.add(new Attribute("style", font_style));
font_atts.add(new Attribute("color"));
font_atts.add(new Attribute("size"));
font_atts.add(new Attribute("face"));
vAllowed.put("font", font_atts);
}
/*
*
* span : ['.color', '.background-color', '.font-size', '.font-family',
* '.background','.font-weight', '.font-style',
*
* '.text-decoration', '.vertical-align'],
*/
{
// 您哈
final ArrayList span_atts = new ArrayList();
Map span_style = new HashMap();
span_style.put("color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
span_style.put("background-color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
// ['9px', '10px', '12px', '14px', '16px', '18px', '24px', '32px']
span_style.put("font-size", Pattern.compile("([\\s\\S]*)"));
span_style.put("font-family", Pattern.compile("([\\s\\S]*)"));
span_style.put("background",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
span_style.put("font-weight",Pattern.compile("(normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900)"));
span_style.put("font-style",Pattern.compile("(normal|italic|oblique)"));
span_style.put("text-decoration", Pattern.compile("(none|underline|overline|line-through|blink)"));
span_style.put("vertical-align",Pattern.compile("(auto|baseline|sub|super|top|middle|bottom|text-top|text-bottom)"));
span_atts.add(new Attribute("style", span_style));
vAllowed.put("span", span_atts);
}
/*
*
* div : ['align', '.border', '.margin', '.padding', '.text-align',
* '.color','.background-color',
*
* '.font-size', '.font-family', '.font-weight',
* '.background','.font-style', '.text-decoration',
*
* '.vertical-align', '.margin-left'],
*/
{
final ArrayList div_atts = new ArrayList();
Map div_style = new HashMap();
div_style.put("border", Pattern.compile("([\\s\\S]*)"));
div_style.put("margin", Pattern.compile("(top|right|bottom|left)"));
div_style.put("padding", Pattern.compile("([\\s\\S]*)"));
div_style.put("text-align",Pattern.compile("(left|right|center|justify)"));
div_style.put("color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
div_style.put("background-color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
div_style.put("font-size", Pattern.compile("([\\s\\S]*)"));
div_style.put("font-family", Pattern.compile("([\\s\\S]*)"));
div_style.put("font-weight",Pattern.compile("(normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900)"));
div_style.put("background", Pattern.compile("([\\s\\S]*)"));
div_style.put("font-style",Pattern.compile("(normal|italic|oblique)"));
div_style.put("text-decoration", Pattern.compile("(none|underline|overline|line-through|blink)"));
div_style.put("vertical-align",Pattern.compile("(auto|baseline|sub|super|top|middle|bottom|text-top|text-bottom)"));
div_style.put("margin-left", Pattern.compile("([\\s\\S]*)"));
div_atts.add(new Attribute("style", div_style));
div_atts.add(new Attribute("align"));
vAllowed.put("div", div_atts);
}
/*
*
* table: [
*
* 'border', 'cellspacing', 'cellpadding', 'width', 'height', 'align',
* 'bordercolor','.padding', '.margin', '.border',
*
* 'bgcolor', '.text-align', '.color', '.background-color',
*
* '.font-size', '.font-family', '.font-weight', '.font-style',
* '.text-decoration', '.background','.width', '.height'
*
* ],
*/
{
final ArrayList table_atts = new ArrayList();
Map table_style = new HashMap();
table_style.put("padding", Pattern.compile("([\\s\\S]*)"));
table_style.put("margin",Pattern.compile("(top|right|bottom|left)"));
table_style.put("border", Pattern.compile("[0-2]+px"));
table_style.put("bgcolor",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
table_style.put("text-align",Pattern.compile("(left|right|center|justify)"));
table_style.put("color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
table_style.put("background-color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
table_style.put("font-size", Pattern.compile("([\\s\\S]*)"));
table_style.put("font-family", Pattern.compile("([\\s\\S]*)"));
table_style.put("font-weight",Pattern.compile("(normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900)"));
table_style.put("font-style",Pattern.compile("(normal|italic|oblique)"));
table_style.put("text-decoration", Pattern.compile("(none|underline|overline|line-through|blink)"));
table_style.put("background", Pattern.compile("([\\s\\S]*)"));
table_style.put("width", Pattern.compile("([\\s\\S]*)"));
table_style.put("height", Pattern.compile("([\\s\\S]*)"));
table_atts.add(new Attribute("style", table_style));
table_atts.add(new Attribute("border"));
table_atts.add(new Attribute("cellspacing"));
table_atts.add(new Attribute("cellpadding"));
table_atts.add(new Attribute("width"));
table_atts.add(new Attribute("height"));
table_atts.add(new Attribute("align"));
table_atts.add(new Attribute("bordercolor"));
vAllowed.put("table", table_atts);
}
/*
*
* 'td,th': [
*
* 'align', 'valign', 'width', 'height', 'colspan', 'rowspan',
* 'bgcolor',
*
* '.text-align', '.color', '.background-color', '.font-size',
* '.font-family', '.font-weight',
*
* '.font-style', '.text-decoration', '.vertical-align', '.background'
*
* ],
*/
{
final ArrayList td_atts = new ArrayList();
Map td_style = new HashMap();
td_style.put("text-align",Pattern.compile("(left|right|center|justify)"));
td_style.put("color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
td_style.put("background-color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
td_style.put("font-size", Pattern.compile("([\\s\\S]*)"));
td_style.put("font-family", Pattern.compile("([\\s\\S]*)"));
td_style.put("font-weight",Pattern.compile("(normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900)"));
td_style.put("font-style",Pattern.compile("(normal|italic|oblique)"));
td_style.put("text-decoration", Pattern.compile("(none|underline|overline|line-through|blink)"));
td_style.put("vertical-align",Pattern.compile("(auto|baseline|sub|super|top|middle|bottom|text-top|text-bottom)"));
td_style.put("background", Pattern.compile("([\\s\\S]*)"));
td_atts.add(new Attribute("style", td_style));
td_atts.add(new Attribute("align"));
td_atts.add(new Attribute("valign"));
td_atts.add(new Attribute("width"));
td_atts.add(new Attribute("height"));
td_atts.add(new Attribute("colspan"));
td_atts.add(new Attribute("rowspan"));
td_atts.add(new Attribute("bgcolor"));
vAllowed.put("td", td_atts);
}
{
final ArrayList th_atts = new ArrayList();
Map th_style = new HashMap();
th_style.put("text-align",Pattern.compile("(left|right|center|justify)"));
th_style.put("color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
th_style.put("background-color",Pattern.compile("(#([0-9a-fA-F]{6}|[0-9a-fA-F]{3}))"));
th_style.put("font-size", Pattern.compile("([\\s\\S]*)"));
th_style.put("font-family", Pattern.compile("([\\s\\S]*)"));
th_style.put("font-weight",Pattern.compile("(normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900)"));
th_style.put("font-style",Pattern.compile("(normal|italic|oblique)"));
th_style.put("text-decoration", Pattern.compile("(none|underline|overline|line-through|blink)"));
th_style.put("vertical-align",Pattern.compile("(auto|baseline|sub|super|top|middle|bottom|text-top|text-bottom)"));
th_style.put("background", Pattern.compile("([\\s\\S]*)"));
th_atts.add(new Attribute("style", th_style));
th_atts.add(new Attribute("align"));
th_atts.add(new Attribute("valign"));
th_atts.add(new Attribute("width"));
th_atts.add(new Attribute("height"));
th_atts.add(new Attribute("colspan"));
th_atts.add(new Attribute("rowspan"));
th_atts.add(new Attribute("bgcolor"));
vAllowed.put("th", th_atts);
}
/*
*
* a : ['href', 'target', 'name'],
*/
{
final ArrayList a_atts = new ArrayList();
a_atts.add(new Attribute("href"));
a_atts.add(new Attribute("target"));
a_atts.add(new Attribute("name"));
vAllowed.put("a", a_atts);
}
/*
*
* embed : ['src', 'width', 'height', 'type', 'loop', 'autostart',
* 'quality', '.width', '.height', 'align', 'allowscriptaccess', '/'],
*/
{
final ArrayList embed_atts = new ArrayList();
Map embed_style = new HashMap();
embed_style.put("width", Pattern.compile("([\\s\\S]*)"));
embed_style.put("height", Pattern.compile("([\\s\\S]*)"));
embed_atts.add(new Attribute("style", embed_style));
embed_atts.add(new Attribute("src"));
embed_atts.add(new Attribute("width"));
embed_atts.add(new Attribute("height"));
embed_atts.add(new Attribute("type"));
embed_atts.add(new Attribute("loop"));
embed_atts.add(new Attribute("autostart"));
embed_atts.add(new Attribute("quality"));
embed_atts.add(new Attribute("align"));
embed_atts.add(new Attribute("allowscriptaccess"));
vAllowed.put("embed", embed_atts);
}
/*
*
* img : ['src', 'width', 'height', 'border', 'alt', 'title', '.width',
* '.height', '/'],
*/
{
final ArrayList img_atts = new ArrayList();
Map img_style = new HashMap();
img_style.put("width", Pattern.compile("([\\s\\S]*)"));
img_style.put("height", Pattern.compile("([\\s\\S]*)"));
img_atts.add(new Attribute("style", img_style));
img_atts.add(new Attribute("src"));
img_atts.add(new Attribute("width"));
img_atts.add(new Attribute("height"));
img_atts.add(new Attribute("border"));
img_atts.add(new Attribute("alt"));
img_atts.add(new Attribute("title"));
vAllowed.put("img", img_atts);
}
/*
*
* hr : ['/'],
*
* br : ['/'],
*/
/*
* 'p,ol,ul,li,blockquote,h1,h2,h3,h4,h5,h6' : [
*
* 'align', '.text-align', '.color', '.background-color', '.font-size',
* '.font-family', '.background',
*
* '.font-weight', '.font-style', '.text-decoration', '.vertical-align',
* '.text-indent', '.margin-left'
* ],
*/
// p
{
final ArrayList p_atts = new ArrayList();
/*
* 不要删
* Map p_style = new HashMap();
* p_style.put("text-align", Pattern.compile("(#())"));
* p_style.put("color", Pattern.compile("(#())"));
* p_style.put("background-color", Pattern.compile("(#())"));
* p_style.put("font-size", Pattern.compile("(#())"));
* p_style.put("font-family", Pattern.compile("(#())"));
* p_style.put("background", Pattern.compile("(#())"));
* p_style.put("font-weight", Pattern.compile("(#())"));
* p_style.put("font-style", Pattern.compile("(#())"));
* p_style.put("text-decoration", Pattern.compile("(#())"));
* p_style.put("vertical-align", Pattern.compile("(#())"));
* p_style.put("text-indent", Pattern.compile("(#())"));
* p_style.put("margin-left", Pattern.compile("(#())"));
* p_atts.add(new Attribute("style", p_style));
*/
p_atts.add(new Attribute("align"));
vAllowed.put("p", p_atts);
}
// ol
{
final ArrayList ol_atts = new ArrayList();
ol_atts.add(new Attribute("align"));
vAllowed.put("ol", ol_atts);
}
// ul
{
final ArrayList ul_atts = new ArrayList();
ul_atts.add(new Attribute("align"));
vAllowed.put("ul", ul_atts);
}
// li
{
final ArrayList li_atts = new ArrayList();
li_atts.add(new Attribute("align"));
vAllowed.put("li", li_atts);
}
// blockquote
{
final ArrayList blockquote_atts = new ArrayList();
blockquote_atts.add(new Attribute("align"));
vAllowed.put("blockquote", blockquote_atts);
}
// h1
{
final ArrayList h1_atts = new ArrayList();
h1_atts.add(new Attribute("align"));
vAllowed.put("h1", h1_atts);
}
// h2
{
final ArrayList h2_atts = new ArrayList();
h2_atts.add(new Attribute("align"));
vAllowed.put("h2", h2_atts);
}
// h3
{
final ArrayList h3_atts = new ArrayList();
h3_atts.add(new Attribute("align"));
vAllowed.put("h3", h3_atts);
}
// h4
{
final ArrayList h4_atts = new ArrayList();
h4_atts.add(new Attribute("align"));
vAllowed.put("h4", h4_atts);
}
// h5
{
final ArrayList h5_atts = new ArrayList();
h5_atts.add(new Attribute("align"));
vAllowed.put("h5", h5_atts);
}
// h6
{
final ArrayList h6_atts = new ArrayList();
h6_atts.add(new Attribute("align"));
vAllowed.put("h6", h6_atts);
}
// h7
{
final ArrayList h7_atts = new ArrayList();
h7_atts.add(new Attribute("align"));
vAllowed.put("h7", h7_atts);
}
/*
*
* 'tbody,tr,strong,b,sub,sup,em,i,u,strike' : []
*/
/*
*
* //b u i li link br hr p pre strong strike ul label
* vAllowed.put("b", empty_atts);
* vAllowed.put("p", empty_atts);
* vAllowed.put("strong", empty_atts);
* vAllowed.put("i", empty_atts);
* vAllowed.put("em", empty_atts);
* vAllowed.put("u", empty_atts); //增加了"u"
*/
vAllowed.put("tbody", empty_atts);
vAllowed.put("tr", empty_atts);
vAllowed.put("strong", empty_atts);
vAllowed.put("b", empty_atts);
vAllowed.put("sub", empty_atts);
vAllowed.put("em", empty_atts);
vAllowed.put("i", empty_atts);
vAllowed.put("u", empty_atts);
vAllowed.put("strike", empty_atts);
/*
*
* inlineTags : ['b', 'del', 'em', 'font', 'i', 'span', 'strike',
* 'strong', 'sub', 'sup', 'u'],
*
* endlineTags : [
*
* 'br', 'hr', 'table', 'tbody', 'td', 'tr', 'th', 'div', 'p', 'ol',
* 'ul',
*
* 'li', 'blockquote', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'script',
* 'style', 'marquee'
*
* ],
*/
/*
*
* noEndTags : ['br', 'hr', 'img', 'area', 'col', 'embed', 'input',
* 'param'],
*/
vSelfClosingTags = new String[] { "img", "br", "", "hr", "area", "col",
"embed", "input", "param" };
/*
*
* inlineTags : ['b', 'del', 'em', 'font', 'i', 'span', 'strike',
* 'strong', 'sub', 'sup', 'u'],
*
* endlineTags : [
*
* 'br', 'hr', 'table', 'tbody', 'td', 'tr', 'th', 'div', 'p', 'ol',
* 'ul',
*
* 'li', 'blockquote', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'script',
* 'style', 'marquee'
*
* ],
*/
vNeedClosingTags = new String[] { "b", "del", "em", "font", "i",
"span", "strike",
"strong", "sub", "sup", "u", "table", "tbody", "td", "tr",
"th", "div", "p", "ol", "ul", "li", "blockquote",
"h1", "h2", "h3", "h4", "h5", "h6", "h7", "marquee"
};
vDisallowed = new String[] {};
vAllowedProtocols = new String[] { "http", "mailto" }; // no ftp.
vProtocolAtts = new String[] { "src", "href" };
vRemoveBlanks = new String[] { "a", "b", "strong", "i", "em", "u" };
vAllowedEntities = new String[] { "amp", "gt", "lt", "quot", "nbsp",
"rsquo" }; // 增加了"nbsp" ,rsquo="\'"
stripComment = true;
alwaysMakeTags = true;
}
/**
* Set debug flag to true. Otherwise use default settings. See the default
* constructor.
*
*
*
* @param debug
* turn debug on with a true argument
*/
public WebWhiteNameFilter(final boolean debug) {
this();
vDebug = debug;
}
/**
* Map-parameter configurable constructor.
*
*
*
* @param configuration
* map containing configuration. keys match field names.
*/
// public HTMLFilter(final Map configuration) {
//
// assert configuration.containsKey("vAllowed") :
// "configuration requires vAllowed";
// assert configuration.containsKey("vSelfClosingTags") :
// "configuration requires vSelfClosingTags";
// assert configuration.containsKey("vNeedClosingTags") :
// "configuration requires vNeedClosingTags";
// assert configuration.containsKey("vDisallowed") :
// "configuration requires vDisallowed";
// assert configuration.containsKey("vAllowedProtocols") :
// "configuration requires vAllowedProtocols";
// assert configuration.containsKey("vProtocolAtts") :
// "configuration requires vProtocolAtts";
// assert configuration.containsKey("vRemoveBlanks") :
// "configuration requires vRemoveBlanks";
// assert configuration.containsKey("vAllowedEntities") :
// "configuration requires vAllowedEntities";
// assert configuration.containsKey("stripComment") :
// "configuration requires stripComment";
// assert configuration.containsKey("alwaysMakeTags") :
// "configuration requires alwaysMakeTags";
//
// vAllowed = Collections.unmodifiableMap((HashMap>)
// configuration.get("vAllowed"));
// vSelfClosingTags = (String[]) configuration.get("vSelfClosingTags");
// vNeedClosingTags = (String[]) configuration.get("vNeedClosingTags");
// vDisallowed = (String[]) configuration.get("vDisallowed");
// vAllowedProtocols = (String[]) configuration.get("vAllowedProtocols");
// vProtocolAtts = (String[]) configuration.get("vProtocolAtts");
// vRemoveBlanks = (String[]) configuration.get("vRemoveBlanks");
// vAllowedEntities = (String[]) configuration.get("vAllowedEntities");
// stripComment = (Boolean) configuration.get("stripComment");
// alwaysMakeTags = (Boolean) configuration.get("alwaysMakeTags");
// }
private void reset() {
vTagCounts.clear();
}
private void debug(final String msg) {
if (vDebug) {
Logger.getAnonymousLogger().info(msg);
}
}
// ---------------------------------------------------------------
// my versions of some PHP library functions
public static String chr(final int decimal) {
return String.valueOf((char) decimal);
}
public static String htmlSpecialChars(final String s) {
String result = s;
result = regexReplace(P_AMP, "&", result);
result = regexReplace(P_QUOTE, "", result);
result = regexReplace(P_LEFT_ARROW, "<", result);
result = regexReplace(P_RIGHT_ARROW, ">", result);
return result;
}
// ---------------------------------------------------------------
/**
*
* given a user submitted input String, filter out any invalid or restricted
*
* html.
*
*
*
* @param input
* text (i.e. submitted by a user) than may contain html
*
* @return "clean" version of input, with only valid, whitelisted html
* elements allowed
*/
private String dofilter(final String input) {
reset();
String s = input;
debug("************************************************");
debug(" INPUT: " + input);
s = escapeComments(s);
debug(" escapeComments: " + s);
s = balanceHTML(s);
debug(" balanceHTML: " + s);
s = checkTags(s);
debug(" checkTags: " + s);
s = processRemoveBlanks(s);
debug("processRemoveBlanks: " + s);
s = validateEntities(s);
debug(" validateEntites: " + s);
debug("************************************************\n\n");
return s;
}
public boolean isAlwaysMakeTags() {
return alwaysMakeTags;
}
public boolean isStripComments() {
return stripComment;
}
private String escapeComments(final String s) {
final Matcher m = P_COMMENTS.matcher(s);
final StringBuffer buf = new StringBuffer();
if (m.find()) {
final String match = m.group(1); // (.*?)
m.appendReplacement(buf, "");
}
m.appendTail(buf);
return buf.toString();
}
private String balanceHTML(String s) {
if (alwaysMakeTags) {
// try and form html
s = regexReplace(P_END_ARROW, "", s);
s = regexReplace(P_BODY_TO_END, "<$1>", s);
s = regexReplace(P_XML_CONTENT, "$1<$2", s);
} else {
// escape stray brackets
s = regexReplace(P_STRAY_LEFT_ARROW, "<$1", s);
s = regexReplace(P_STRAY_RIGHT_ARROW, "$1$2><", s);
// the last regexp causes '<>' entities to appear
// (we need to do a lookahead assertion so that the last bracket can
// be used in the next pass of the regexp)
s = regexReplace(P_BOTH_ARROWS, "", s);
}
return s;
}
private String checkTags(String s) {
Matcher m = P_TAGS.matcher(s);
final StringBuffer buf = new StringBuffer();
while (m.find()) {
String replaceStr = m.group(1);
replaceStr = processTag(replaceStr);
m.appendReplacement(buf, replaceStr);
}
m.appendTail(buf);
s = buf.toString();
// these get tallied in processTag
// (remember to reset before subsequent calls to filter method)
for (String key : vTagCounts.keySet()) {
for (int ii = 0; ii < vTagCounts.get(key); ii++) {
s += "" + key + ">";
}
}
return s;
}
private String processRemoveBlanks(final String s) {
String result = s;
for (String tag : vRemoveBlanks) {
if (!P_REMOVE_PAIR_BLANKS.containsKey(tag)) {
P_REMOVE_PAIR_BLANKS.putIfAbsent(tag,Pattern.compile("<" + tag + "(\\s[^>]*)?>" + tag+ ">"));
}
result = regexReplace(P_REMOVE_PAIR_BLANKS.get(tag), "", result);
if (!P_REMOVE_SELF_BLANKS.containsKey(tag)) {
P_REMOVE_SELF_BLANKS.putIfAbsent(tag,Pattern.compile("<" + tag + "(\\s[^>]*)?/>"));
}
result = regexReplace(P_REMOVE_SELF_BLANKS.get(tag), "", result);
}
return result;
}
private static String regexReplace(final Pattern regex_pattern,
final String replacement, final String s) {
Matcher m = regex_pattern.matcher(s);
return m.replaceAll(replacement);
}
private String processTag(final String s) {
// ending tags
Matcher m = P_END_TAG.matcher(s);
if (m.find()) {
final String name = m.group(1).toLowerCase();
if (allowed(name)) {
if (!inArray(name, vSelfClosingTags)) {
if (vTagCounts.containsKey(name)) {
vTagCounts.put(name, vTagCounts.get(name) - 1);
return "" + name + ">";
}
}
}
}
// starting tags
m = P_START_TAG.matcher(s);
if (m.find()) {
final String name = m.group(1).toLowerCase();
final String body = m.group(2);
String ending = m.group(3);
// debug( "in a starting tag, name='" + name + "'; body='" + body +
// "'; ending='" + ending + "'" );
if (allowed(name)) {
String params = "";
final Matcher m2 = P_QUOTED_ATTRIBUTES.matcher(body);
final Matcher m3 = P_UNQUOTED_ATTRIBUTES.matcher(body);
final List paramNames = new ArrayList();
final List paramValues = new ArrayList();
while (m2.find()) {
paramNames.add(m2.group(1)); // ([a-z0-9]+)
paramValues.add(m2.group(3)); // (.*?)
}
while (m3.find()) {
paramNames.add(m3.group(1)); // ([a-z0-9]+)
paramValues.add(m3.group(3)); // ([^\"\\s']+)
}
String paramName, paramValue;
for (int ii = 0; ii < paramNames.size(); ii++) {
paramName = paramNames.get(ii).toLowerCase();
paramValue = paramValues.get(ii);
if (allowedAttribute(name, paramName, paramValue)) {
paramValue = allMapString(name, paramName, paramValue);//
if (inArray(paramName, vProtocolAtts)) {
paramValue = processParamProtocol(paramValue);
}
params += " " + paramName + "=\"" + paramValue + "\"";
}
}
if (inArray(name, vSelfClosingTags)) {
ending = " /";
}
if (inArray(name, vNeedClosingTags)) {
ending = "";
}
if (ending == null || ending.length() < 1) {
if (vTagCounts.containsKey(name)) {
vTagCounts.put(name, vTagCounts.get(name) + 1);
} else {
vTagCounts.put(name, 1);
}
} else {
ending = " /";
}
return "<" + name + params + ending + ">";
} else {
return "";
}
}
// comments
m = P_COMMENT.matcher(s);
if (!stripComment && m.find()) {
return "<" + m.group() + ">";
}
return "";
}
private String processParamProtocol(String s) {
s = decodeEntities(s);
final Matcher m = P_PROTOCOL.matcher(s);
if (m.find()) {
final String protocol = m.group(1);
if (!inArray(protocol, vAllowedProtocols)) {
// bad protocol, turn into local anchor link instead
s = "#" + s.substring(protocol.length() + 1, s.length());
if (s.startsWith("#//")) {
s = "#" + s.substring(3, s.length());
}
}
}
return s;
}
private String decodeEntities(String s) {
StringBuffer buf = new StringBuffer();
Matcher m = P_ENTITY.matcher(s);
while (m.find()) {
final String match = m.group(1);
final int decimal = Integer.decode(match).intValue();
m.appendReplacement(buf, chr(decimal));
}
m.appendTail(buf);
s = buf.toString();
buf = new StringBuffer();
m = P_ENTITY_UNICODE.matcher(s);
while (m.find()) {
final String match = m.group(1);
final int decimal = Integer.valueOf(match, 16).intValue();
m.appendReplacement(buf, chr(decimal));
}
m.appendTail(buf);
s = buf.toString();
buf = new StringBuffer();
m = P_ENCODE.matcher(s);
while (m.find()) {
final String match = m.group(1);
final int decimal = Integer.valueOf(match, 16).intValue();
m.appendReplacement(buf, chr(decimal));
}
m.appendTail(buf);
s = buf.toString();
s = validateEntities(s);
return s;
}
private String validateEntities(String s) {
StringBuffer buf = new StringBuffer();
// validate entities throughout the string
Matcher m = P_VALID_ENTITIES.matcher(s);
while (m.find()) {
final String one = m.group(1); // ([^&;]*)
final String two = m.group(2); // (?=(;|&|$))
final String replacement = Matcher.quoteReplacement(checkEntity(
one, two));
m.appendReplacement(buf, replacement);
}
m.appendTail(buf);
s = buf.toString();
// validate quotes outside of tags
buf = new StringBuffer();
m = P_VALID_QUOTES.matcher(s);
while (m.find()) {
final String one = m.group(1); // (>|^)
final String two = m.group(2); // ([^<]+?)
final String three = m.group(3); // (<|$)
m.appendReplacement(buf,Matcher.quoteReplacement(one+ regexReplace(P_QUOTE, "", two) + three));
}
m.appendTail(buf);
s = buf.toString();
return s;
}
private String checkEntity(final String preamble, final String term) {
return ";".equals(term) && isValidEntity(preamble) ? '&' + preamble: "&" + preamble;
}
private boolean isValidEntity(final String entity) {
return inArray(entity, vAllowedEntities);
}
private static boolean inArray(final String s, final String[] array) {
for (String item : array) {
if (item != null && item.equals(s)) {
return true;
}
}
return false;
}
private boolean allowed(final String name) {
return (vAllowed.isEmpty() || vAllowed.containsKey(name))&& !inArray(name, vDisallowed);
}
private boolean allowedAttribute(final String name, final String paramName,final String paramValue) {
if (!allowed(name)){
return false;
}
if (vAllowed.isEmpty()){
return false;
}
List list = vAllowed.get(name);
if (null != list){
for (Attribute attr : list){
if (attr.attrName.equalsIgnoreCase(paramName)){
// see if no constaints
if (null == attr.allowedAttrValues){
return true;
}else{
Map attrValues = parseAttrValues(paramValue);
for (String key : attrValues.keySet()) {
String value = attrValues.get(key);
if (attr.allowedAttrValues.containsKey(key)&& attr.allowedAttrValues.get(key).matcher(value).matches()) {
return true;
}
}
}
}
}
}
// if((null != list) && (list.size() > 0))
return false;
// return && (|| .contains(paramName));
}
/**
*
* @param attrValue
*
* @return
*/
private static Map parseAttrValues(String attrValue){
Map values = new HashMap();
if ((null != attrValue) && !"".equalsIgnoreCase(attrValue.trim())){
if (attrValue.startsWith("\"")){
attrValue = attrValue.substring(1);
}
if (attrValue.endsWith("\"")){
attrValue = attrValue.substring(0, attrValue.length() - 1);
}
String[] list = attrValue.split(";");
if (null != list){
for (String str : list){
int index = str.indexOf(":");
if ((index > 0) && (index < str.length())){
values.put(str.substring(0, index),str.substring(index + 1, str.length()));
}
}
}
}
return values;
}
private String allMapString(String type, String htmltag, String old_str) {
if (old_str == null || old_str.length() == 0) {
return old_str;
}
Map map = new HashMap();
String allow_str = "";
List list = vAllowed.get(type);
if (null != list) {
for (Attribute attr : list) {
if (attr.attrName.equalsIgnoreCase(htmltag)) {
if (null == attr.allowedAttrValues) {
return old_str;
} else {
Map attrValues = (HashMap) attr.allowedAttrValues;
if (old_str.indexOf(";") > -1) {
String[] oldstr = old_str.split(";");
if (null != oldstr) {
for (String str : oldstr) {
if (str.indexOf(":") > -1) {
String kv[] = str.split(":");
if (attrValues.containsKey(kv[0])) {
if (!map.containsKey(kv[0])) {
map.put(kv[0], kv[1]);
}
}
}
}
}
}
}
}
}
}
if (map != null) {
for (String key : map.keySet()) {
allow_str += key + ":" + map.get(key) + ";";
}
}
return allow_str;
}
public static void main(String[] args) {
// bgcolor
// String
// input="";
// String
// input="bbbasfdasfasfdasfasfdaaa";
// String input="";
// String
// input="dddddd";
// String
// input="您哈";
String input = ""
+ "
"
+ ""
+ ""
+ " xx | "
+ " xxx | "
+ "
"
+ ""
+ " | "
+ " | "
+ "
"
+ ""
+ " | "
+ " | "
+ "
"
+ ""
+ "
"
+ ""
+ ""
+ "- "
+ "
xxxxxxxxxxxxxxxxx
"
+ " "
+ "
";
System.out.println(WebWhiteNameFilter.filter(input));
}
}