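package com.jcdm.common.utils.html;

import com.jcdm.common.utils.StringUtils;

/**
 * Escape / unescape helpers.
 *
 * <p>Security note: {@link #escape(String)} does <b>not</b> perform HTML entity
 * escaping. It percent-encodes every character ({@code %XX} for chars below 256,
 * {@code %uXXXX} otherwise), in the style of JavaScript's legacy {@code escape()}.
 * The output is inert in an HTML context only because it contains no markup
 * characters at all; it is not a substitute for context-aware output encoding.
 * {@link #unescape(String)} reverses that neutralisation, so never apply it to
 * untrusted data that is subsequently written into a page. For tag stripping use
 * {@link #clean(String)}, which delegates to {@code HTMLFilter}.
 *
 * @author jc
 */
public class EscapeUtil {
    /** Regex matching HTML tags (open, close and self-closing). Not referenced in this class. */
    public static final String RE_HTML_MARK = "(<[^<]*?>)|(<[\\s]*?/[^<]*?>)|(<[^<]*?/[\\s]*?>)";

    /**
     * Numeric-entity replacements for the 5 HTML-significant ASCII characters.
     * Indexed by character code; entries other than the five below map a char to itself.
     * NOTE(review): this table is not used by any method in this class; kept for compatibility.
     */
    private static final char[][] TEXT = new char[64][];

    static {
        for (int i = 0; i < 64; i++) {
            TEXT[i] = new char[] { (char) i };
        }

        // special HTML characters
        TEXT['\''] = "&#039;".toCharArray(); // single quote
        TEXT['"'] = "&#34;".toCharArray();   // double quote
        TEXT['&'] = "&#38;".toCharArray();   // ampersand
        TEXT['<'] = "&#60;".toCharArray();   // less-than
        TEXT['>'] = "&#62;".toCharArray();   // greater-than
    }

    /**
     * Percent-encodes every character of the text (see class note).
     *
     * @param text text to encode; null or empty yields an empty string
     * @return the encoded text
     */
    public static String escape(String text) {
        return encode(text);
    }

    /**
     * Reverses {@link #escape(String)}.
     *
     * @param content percent-encoded content
     * @return the decoded text; malformed or truncated escape sequences are kept literally
     */
    public static String unescape(String content) {
        return decode(content);
    }

    /**
     * Removes all HTML tags but keeps the text between them.
     *
     * @param content text containing markup
     * @return the text with tags removed (behaviour defined by {@code HTMLFilter})
     */
    public static String clean(String content) {
        return new HTMLFilter().filter(content);
    }

    /**
     * Percent-encoding: {@code %XX} (2 lowercase hex digits) for chars below 256,
     * {@code %uXXXX} (4 lowercase hex digits, zero-padded) for all other chars.
     *
     * @param text text to encode
     * @return encoded text, or {@code StringUtils.EMPTY} when the input is empty
     */
    private static String encode(String text) {
        if (StringUtils.isEmpty(text)) {
            return StringUtils.EMPTY;
        }

        // worst case is 6 output chars per input char ("%uXXXX")
        final StringBuilder out = new StringBuilder(text.length() * 6);
        for (int i = 0; i < text.length(); i++) {
            final char c = text.charAt(i);
            if (c < 256) {
                out.append('%');
                if (c < 16) {
                    out.append('0'); // keep two digits
                }
                out.append(Integer.toString(c, 16));
            } else {
                out.append("%u");
                if (c <= 0xfff) {
                    out.append('0'); // keep four digits (issue#I49JU8@Gitee)
                }
                out.append(Integer.toString(c, 16));
            }
        }
        return out.toString();
    }

    /**
     * Decodes {@code %XX} and {@code %uXXXX} sequences produced by {@link #encode(String)}.
     *
     * <p>Malformed input (a trailing {@code %}, too few digits, or non-hex digits) is no
     * longer a crash: the previous implementation threw
     * {@code StringIndexOutOfBoundsException} / {@code NumberFormatException} on such
     * input, which for request-derived data means an unhandled 500. Such a {@code %} is
     * now copied through literally and decoding continues with the next character.
     * Only ASCII hex digits are accepted.
     *
     * @param content encoded content; null or empty is returned unchanged
     * @return decoded text
     */
    public static String decode(String content) {
        if (StringUtils.isEmpty(content)) {
            return content;
        }

        final int len = content.length();
        final StringBuilder out = new StringBuilder(len);
        int i = 0;
        while (i < len) {
            final char c = content.charAt(i);
            if (c != '%') {
                out.append(c);
                i++;
                continue;
            }

            if (i + 1 < len && content.charAt(i + 1) == 'u') {
                // "%uXXXX": four hex digits follow the 'u'
                final int code = parseHex(content, i + 2, i + 6);
                if (code >= 0) {
                    out.append((char) code);
                    i += 6;
                    continue;
                }
            } else {
                // "%XX": two hex digits follow the '%'
                final int code = parseHex(content, i + 1, i + 3);
                if (code >= 0) {
                    out.append((char) code);
                    i += 3;
                    continue;
                }
            }

            // truncated or non-hex sequence: keep the '%' and move on
            out.append(c);
            i++;
        }
        return out.toString();
    }

    /**
     * Parses {@code s[from, to)} as ASCII hex digits.
     *
     * @return the value, or -1 when the range runs past the end of the string or
     *         contains a non-hex character
     */
    private static int parseHex(String s, int from, int to) {
        if (to > s.length()) {
            return -1;
        }
        int value = 0;
        for (int k = from; k < to; k++) {
            final int d = hexDigit(s.charAt(k));
            if (d < 0) {
                return -1;
            }
            value = (value << 4) | d;
        }
        return value;
    }

    /** Value of an ASCII hex digit, or -1. Deliberately rejects non-ASCII digits. */
    private static int hexDigit(char c) {
        if (c >= '0' && c <= '9') {
            return c - '0';
        }
        if (c >= 'a' && c <= 'f') {
            return c - 'a' + 10;
        }
        if (c >= 'A' && c <= 'F') {
            return c - 'A' + 10;
        }
        return -1;
    }

    /** Manual smoke test: prints clean/escape/unescape output for a script tag. */
    public static void main(String[] args) {
        String html = "<script>alert(1);</script>";
        String escape = EscapeUtil.escape(html);
        System.out.println("clean: " + EscapeUtil.clean(html));
        System.out.println("escape: " + escape);
        System.out.println("unescape: " + EscapeUtil.unescape(escape));
    }
}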