|
|||||||||
| Home >> All >> com >> mvsteenb >> javauitransformer >> xmltransformer >> [ util overview ] | PREV CLASS NEXT CLASS | ||||||||
SUMMARY:  JAVADOC |  SOURCE |  DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||
com.mvsteenb.javauitransformer.xmltransformer.util
Class StringUtil
java.lang.Objectcom.mvsteenb.javauitransformer.xmltransformer.util.StringUtil
- public class StringUtil
- extends java.lang.Object
com.mvsteenb.javauitransformer.xmltransformer.util
About
This class is part of the JavaUIFormatter version @build.version@ (build #@build.number@) which was built on @build.date@.
Description
Free Software
Copyright (C) 2003 Mario Van Steenberghe
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
Please contact me at mario.vansteenberghe@pandora.be for more information.
Revision History
Sep 3, 2003: mvsteenb : Initial Revision
| Field Summary | |
private static java.util.Hashtable |
htmlEntities
|
| Constructor Summary | |
StringUtil()
|
|
| Method Summary | |
static java.lang.String |
escapeHTML(java.lang.String s)
Replaces characters that may be confused by a HTML parser with their equivalent character entity references. |
static java.lang.String |
escapeJavaLiteral(java.lang.String s)
Replaces characters that are not allowed in a Java style string literal with their escape characters. |
static java.lang.String |
escapeSQL(java.lang.String s)
Replaces characters that may be confused by an SQL parser with their equivalent escape characters. |
static void |
indent(int indent,
java.lang.StringBuffer buf)
Adds indentation characters to buffer |
static java.lang.String |
midpad(java.lang.String s,
int length)
Pad the beginning and end of the given String with spaces until the String is of the given length. |
static java.lang.String |
midpad(java.lang.String s,
int length,
char c)
Pad the beginning and end of the given String with the given character until the result is the desired length. |
static java.lang.String |
postpad(java.lang.String s,
int length)
Pad the end of the given String with spaces until the String is of the given length. |
static java.lang.String |
postpad(java.lang.String s,
int length,
char c)
Append the given character to the String until the result is the desired length. |
static java.lang.String |
prepad(java.lang.String s,
int length)
Pad the beginning of the given String with spaces until the String is of the given length. |
static java.lang.String |
prepad(java.lang.String s,
int length,
char c)
Pre-pend the given character to the String until the result is the desired length. |
static java.lang.String |
replace(java.lang.String s,
java.lang.String find,
java.lang.String replace)
Replace occurrences of a substring. |
static java.lang.String[] |
split(java.lang.String s,
java.lang.String delimiter)
Split the given String into tokens. |
static java.lang.String |
trim(java.lang.String s,
java.lang.String c)
Trim any of the characters contained in the second string from the beginning and end of the first. |
static java.lang.String |
unescapeHTML(java.lang.String s)
Turn any HTML escape entities in the string into characters and return the resulting string. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
htmlEntities
private static java.util.Hashtable htmlEntities
| Constructor Detail |
StringUtil
public StringUtil()
| Method Detail |
indent
public static void indent(int indent,
java.lang.StringBuffer buf)
- Adds indentation characters to buffer
prepad
public static java.lang.String prepad(java.lang.String s, int length)
- Pad the beginning of the given String with spaces until
the String is of the given length.
If a String is longer than the desired length, it will not be truncated, however no padding will be added.
- Since:
- ostermillerutils 1.00.00
prepad
public static java.lang.String prepad(java.lang.String s, int length, char c)
- Pre-pend the given character to the String until
the result is the desired length.
If a String is longer than the desired length, it will not be truncated, however no padding will be added.
- Since:
- ostermillerutils 1.00.00
postpad
public static java.lang.String postpad(java.lang.String s, int length)
- Pad the end of the given String with spaces until
the String is of the given length.
If a String is longer than the desired length, it will not be truncated, however no padding will be added.
- Since:
- ostermillerutils 1.00.00
postpad
public static java.lang.String postpad(java.lang.String s, int length, char c)
- Append the given character to the String until
the result is the desired length.
If a String is longer than the desired length, it will not be truncated, however no padding will be added.
- Since:
- ostermillerutils 1.00.00
midpad
public static java.lang.String midpad(java.lang.String s, int length)
- Pad the beginning and end of the given String with spaces until
the String is of the given length. The result is that the original
String is centered in the middle of the new string.
If the number of characters to pad is even, then the padding will be split evenly between the beginning and end, otherwise, the extra character will be added to the end.
If a String is longer than the desired length, it will not be truncated, however no padding will be added.
- Since:
- ostermillerutils 1.00.00
midpad
public static java.lang.String midpad(java.lang.String s, int length, char c)
- Pad the beginning and end of the given String with the given character
until the result is the desired length. The result is that the original
String is centered in the middle of the new string.
If the number of characters to pad is even, then the padding will be split evenly between the beginning and end, otherwise, the extra character will be added to the end.
If a String is longer than the desired length, it will not be truncated, however no padding will be added.
- Since:
- ostermillerutils 1.00.00
split
public static java.lang.String[] split(java.lang.String s, java.lang.String delimiter)
- Split the given String into tokens.
This method is meant to be similar to the split function in other programming languages but it does not use regular expressions. Rather the String is split on a single String literal.
Unlike java.util.StringTokenizer which accepts multiple character tokens as delimiters, the delimiter here is a single String literal.
Each null token is returned as an empty String. Delimiters are never returned as tokens.
If there is no delimiter because it is either empty or null, the only element in the result is the original String.
StringHelper.split("1-2-3", "-");
result: {"1", "2", "3"}
StringHelper.split("-1--2-", "-");
result: {"", "1", ,"", "2", ""}
StringHelper.split("123", "");
result: {"123"}
StringHelper.split("1-2---3----4", "--");
result: {"1-2", "-3", "", "4"}
- Since:
- ostermillerutils 1.00.00
replace
public static java.lang.String replace(java.lang.String s, java.lang.String find, java.lang.String replace)
- Replace occurrences of a substring.
StringHelper.replace("1-2-3", "-", "|");
result: "1|2|3"
StringHelper.replace("-1--2-", "-", "|");
result: "|1||2|"
StringHelper.replace("123", "", "|");
result: "123"
StringHelper.replace("1-2---3----4", "--", "|");
result: "1-2|-3||4"
StringHelper.replace("1-2---3----4", "--", "---");
result: "1-2----3------4"
- Since:
- ostermillerutils 1.00.00
escapeHTML
public static java.lang.String escapeHTML(java.lang.String s)
- Replaces characters that may be confused by a HTML
parser with their equivalent character entity references.
Any data that will appear as text on a web page should be be escaped. This is especially important for data that comes from untrusted sources such as Internet users. A common mistake in CGI programming is to ask a user for data and then put that data on a web page. For example:
Server: What is your name? User: <b>Joe<b> Server: Hello Joe, Welcome
If the name is put on the page without checking that it doesn't contain HTML code or without sanitizing that HTML code, the user could reformat the page, insert scripts, and control the the content on your web server.This method will replace HTML characters such as > with their HTML entity reference (>) so that the html parser will be sure to interpret them as plain text rather than HTML or script.
This method should be used for both data to be displayed in text in the html document, and data put in form elements. For example:
<html><body>This in not a <tag> in HTML</body></html>
and
<form><input type="hidden" name="date" value="This data could be "malicious""></form>
In the second example, the form data would be properly be resubmitted to your cgi script in the URLEncoded format:
This data could be %22malicious%22- Since:
- ostermillerutils 1.00.00
escapeSQL
public static java.lang.String escapeSQL(java.lang.String s)
- Replaces characters that may be confused by an SQL
parser with their equivalent escape characters.
Any data that will be put in an SQL query should be be escaped. This is especially important for data that comes from untrusted sources such as Internet users.
For example if you had the following SQL query:
"SELECT * FROM addresses WHERE name='" + name + "' AND private='N'"
Without this function a user could give" OR 1=1 OR ''='"as their name causing the query to be:
"SELECT * FROM addresses WHERE name='' OR 1=1 OR ''='' AND private='N'"
which will give all addresses, including private ones.
Correct usage would be:
"SELECT * FROM addresses WHERE name='" + StringHelper.escapeSQL(name) + "' AND private='N'"
Another way to avoid this problem is to use a PreparedStatement with appropriate placeholders.
- Since:
- ostermillerutils 1.00.00
escapeJavaLiteral
public static java.lang.String escapeJavaLiteral(java.lang.String s)
- Replaces characters that are not allowed in a Java style
string literal with their escape characters. Specifically
quote ("), single quote ('), new line (\n), carriage return (\r),
and backslash (\), and tab (\t) are escaped.
- Since:
- ostermillerutils 1.00.00
trim
public static java.lang.String trim(java.lang.String s, java.lang.String c)
- Trim any of the characters contained in the second
string from the beginning and end of the first.
- Since:
- ostermillerutils 1.00.00
unescapeHTML
public static java.lang.String unescapeHTML(java.lang.String s)
- Turn any HTML escape entities in the string into
characters and return the resulting string.
- Since:
- ostermillerutils 1.00.00
|
|||||||||
| Home >> All >> com >> mvsteenb >> javauitransformer >> xmltransformer >> [ util overview ] | PREV CLASS NEXT CLASS | ||||||||
|
SUMMARY: JAVADOC | SOURCE | DOWNLOAD | NESTED | FIELD | CONSTR | METHOD |
DETAIL: FIELD | CONSTR | METHOD | ||||||||