PlainTextToHtmlContentContext.java

/*******************************************************************************
 * Licensed to the Apache Software Foundation (ASF) under one or
 * more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to you under the
 * Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain
 * a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0 Unless required by
 * applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 ******************************************************************************/
package org.apache.sling.xss.impl;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Class that provides the capability of securing input provided as plain text for
 * HTML output.
 */
public class PlainTextToHtmlContentContext implements XSSFilterRule {

    /**
     * Logger
     */
    private final Logger log = LoggerFactory.getLogger(this.getClass());

    /**
     * @see XSSFilterRule#check(PolicyHandler, String)
     */
    public boolean check(final PolicyHandler policy, final String str) {
        // there's nothing that can't be escaped, so just return true
        return true;
    }

    /**
     * @see XSSFilterRule#filter(PolicyHandler, java.lang.String)
     */
    public String filter(final PolicyHandler policy, final String str) {
        final String cleaned = escapeXml(str);
        log.debug("Protecting (plain text -> HTML) :\n{}\nto\n{}", str, cleaned);
        return cleaned;
    }

    private static String escapeXml(final String input) {
        if (input == null) {
            return null;
        }

        final StringBuilder b = new StringBuilder(input.length());
        for (int i = 0; i < input.length(); i++) {
            final char c = input.charAt(i);
            if (c == '&') {
                b.append("&");
            } else if (c == '<') {
                b.append("<");
            } else if (c == '>') {
                b.append(">");
            } else {
                b.append(c);
            }
        }
        return b.toString();
    }

    /**
     * @see XSSFilterRule#supportsPolicy()
     */
    public boolean supportsPolicy() {
        return false;
    }
}