HtmlUtils properly escapes single quotes as well

Juergen Hoeller 2011-07-27 20:35:41 +00:00
parent 9347ac358c
commit 38837eddfd
3 changed files with 24 additions and 21 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2005 the original author or authors. * Copyright 2002-2011 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -38,6 +38,8 @@ import org.springframework.util.Assert;
*/ */
class HtmlCharacterEntityReferences { class HtmlCharacterEntityReferences {
private static final String PROPERTIES_FILE = "HtmlCharacterEntityReferences.properties";
static final char REFERENCE_START = '&'; static final char REFERENCE_START = '&';
static final String DECIMAL_REFERENCE_START = "&#"; static final String DECIMAL_REFERENCE_START = "&#";
@ -49,12 +51,9 @@ class HtmlCharacterEntityReferences {
static final char CHAR_NULL = (char) -1; static final char CHAR_NULL = (char) -1;
private static final String PROPERTIES_FILE = "HtmlCharacterEntityReferences.properties";
private final String[] characterToEntityReferenceMap = new String[3000]; private final String[] characterToEntityReferenceMap = new String[3000];
private final Map entityReferenceToCharacterMap = new HashMap(252); private final Map<String, Character> entityReferenceToCharacterMap = new HashMap<String, Character>(252);
/** /**
@ -63,7 +62,7 @@ class HtmlCharacterEntityReferences {
public HtmlCharacterEntityReferences() { public HtmlCharacterEntityReferences() {
Properties entityReferences = new Properties(); Properties entityReferences = new Properties();
// Load refeence definition file. // Load reference definition file
InputStream is = HtmlCharacterEntityReferences.class.getResourceAsStream(PROPERTIES_FILE); InputStream is = HtmlCharacterEntityReferences.class.getResourceAsStream(PROPERTIES_FILE);
if (is == null) { if (is == null) {
throw new IllegalStateException( throw new IllegalStateException(
@ -82,7 +81,7 @@ class HtmlCharacterEntityReferences {
"Failed to parse reference definition file [HtmlCharacterEntityReferences.properties]: " + ex.getMessage()); "Failed to parse reference definition file [HtmlCharacterEntityReferences.properties]: " + ex.getMessage());
} }
// Parse reference definition properites. // Parse reference definition properties
Enumeration keys = entityReferences.propertyNames(); Enumeration keys = entityReferences.propertyNames();
while (keys.hasMoreElements()) { while (keys.hasMoreElements()) {
String key = (String) keys.nextElement(); String key = (String) keys.nextElement();
@ -96,6 +95,7 @@ class HtmlCharacterEntityReferences {
} }
} }
/** /**
* Return the number of supported entity references. * Return the number of supported entity references.
*/ */
@ -128,7 +128,7 @@ class HtmlCharacterEntityReferences {
* Return the char mapped to the given entityReference or -1. * Return the char mapped to the given entityReference or -1.
*/ */
public char convertToCharacter(String entityReference) { public char convertToCharacter(String entityReference) {
Character referredCharacter = (Character) this.entityReferenceToCharacterMap.get(entityReference); Character referredCharacter = this.entityReferenceToCharacterMap.get(entityReference);
if (referredCharacter != null) { if (referredCharacter != null) {
return referredCharacter.charValue(); return referredCharacter.charValue();
} }
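Review bot: `Enumeration keys = entityReferences.propertyNames();` in the constructor is still a raw type, although the same change parameterises `entityReferenceToCharacterMap`. `Enumeration<?> keys = entityReferences.propertyNames();` removes the raw-type warning and keeps the existing `(String)` cast valid. The capacity hint in `new HashMap<String, Character>(252)` looks sized to the previous number of entries. With the `39 = #39` mapping added to the properties file in this commit the map presumably holds one more, so either raise the hint or add a comment that it is approximate. The constructor body starts and ends outside the visible hunks.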


@ -2,7 +2,6 @@
# A complete description of the HTML 4.0 character set can be found at: # A complete description of the HTML 4.0 character set can be found at:
# http://www.w3.org/TR/html4/charset.html # http://www.w3.org/TR/html4/charset.html
# Character entity references for ISO 8859-1 characters # Character entity references for ISO 8859-1 characters
160 = nbsp 160 = nbsp
@ -102,7 +101,6 @@
254 = thorn 254 = thorn
255 = yuml 255 = yuml
# Character entity references for symbols, mathematical symbols, and Greek letters # Character entity references for symbols, mathematical symbols, and Greek letters
402 = fnof 402 = fnof
@ -230,11 +228,11 @@
9829 = hearts 9829 = hearts
9830 = diams 9830 = diams
# Character entity references for markup-significant and internationalization characters # Character entity references for markup-significant and internationalization characters
34 = quot 34 = quot
38 = amp 38 = amp
39 = #39
60 = lt 60 = lt
62 = gt 62 = gt
338 = OElig 338 = OElig
@ -265,4 +263,3 @@
8249 = lsaquo 8249 = lsaquo
8250 = rsaquo 8250 = rsaquo
8364 = euro 8364 = euro
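Review bot: The new `39 = #39` entry in the markup-significant group stores a numeric character reference in a table whose other values are all entity names, and nothing beside it says why. A comment above the line would help the next maintainer, for example `# HTML 4 defines no named entity for the apostrophe (&apos; is XML only), so the numeric form is used`. The comment should also say that this entry is what keeps escaped output safe inside single-quoted attribute values, so nobody removes it as an apparent inconsistency. How the loader treats a value starting with `#` is outside this section. Presumably the reverse lookup map gains a `#39` key, which is worth confirming as intended.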


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2007 the original author or authors. * Copyright 2002-2011 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,31 +16,36 @@
package org.springframework.web.util; package org.springframework.web.util;
import junit.framework.TestCase; import org.junit.Test;
import static org.junit.Assert.*;
/** /**
* @author Alef Arendsen * @author Alef Arendsen
* @author Martin Kersten * @author Martin Kersten
* @author Rick Evans * @author Rick Evans
*/ */
public class HtmlUtilsTests extends TestCase { public class HtmlUtilsTests {
@Test
public void testHtmlEscape() { public void testHtmlEscape() {
String unescaped = "\"This is a quote"; String unescaped = "\"This is a quote'";
String escaped = HtmlUtils.htmlEscape(unescaped); String escaped = HtmlUtils.htmlEscape(unescaped);
assertEquals("&quot;This is a quote", escaped); assertEquals("&quot;This is a quote&#39;", escaped);
escaped = HtmlUtils.htmlEscapeDecimal(unescaped); escaped = HtmlUtils.htmlEscapeDecimal(unescaped);
assertEquals("&#34;This is a quote", escaped); assertEquals("&#34;This is a quote&#39;", escaped);
escaped = HtmlUtils.htmlEscapeHex(unescaped); escaped = HtmlUtils.htmlEscapeHex(unescaped);
assertEquals("&#x22;This is a quote", escaped); assertEquals("&#x22;This is a quote&#x27;", escaped);
} }
@Test
public void testHtmlUnescape() { public void testHtmlUnescape() {
String escaped = "&quot;This is a quote"; String escaped = "&quot;This is a quote&#39;";
String unescaped = HtmlUtils.htmlUnescape(escaped); String unescaped = HtmlUtils.htmlUnescape(escaped);
assertEquals(unescaped, "\"This is a quote"); assertEquals(unescaped, "\"This is a quote'");
} }
@Test
public void testEncodeIntoHtmlCharacterSet() { public void testEncodeIntoHtmlCharacterSet() {
assertNull("A null string should be converted to a null string", assertNull("A null string should be converted to a null string",
HtmlUtils.htmlEscape(null)); HtmlUtils.htmlEscape(null));
@ -66,6 +71,7 @@ public class HtmlUtilsTests extends TestCase {
"&#977;", HtmlUtils.htmlEscapeDecimal("" + (char) 977)); "&#977;", HtmlUtils.htmlEscapeDecimal("" + (char) 977));
} }
@Test
public void testDecodeFromHtmlCharacterSet() { public void testDecodeFromHtmlCharacterSet() {
assertNull("A null string should be converted to a null string", assertNull("A null string should be converted to a null string",
HtmlUtils.htmlUnescape(null)); HtmlUtils.htmlUnescape(null));
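Review bot: In `testHtmlUnescape` the call `assertEquals(unescaped, "\"This is a quote'")` passes the actual value first, so a failure would report expected and actual the wrong way round. Swap the arguments to `assertEquals("\"This is a quote'", unescaped);`. The unescape test also exercises only the decimal form `&#39;`. An extra assertion for `&#x27;` would pin the hex form that `htmlEscapeHex` is now expected to emit. As a style point, the wildcard `import static org.junit.Assert.*;` could be narrowed to the assertion methods the class uses.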