1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 package org.apache.tomcat.util.http;
19
20 import org.apache.tomcat.util.res.StringManager;
21
22 /**
23 * Handle (internationalized) HTTP messages.
24 *
25 * @author James Duncan Davidson [duncan@eng.sun.com]
26 * @author James Todd [gonzo@eng.sun.com]
27 * @author Jason Hunter [jch@eng.sun.com]
28 * @author Harish Prabandham
29 * @author costin@eng.sun.com
30 */
31 public class HttpMessages {
32 // XXX move message resources in this package
33 protected static StringManager sm =
34 StringManager.getManager("org.apache.tomcat.util.http.res");
35
36 static String st_200=null;
37 static String st_302=null;
38 static String st_400=null;
39 static String st_404=null;
40
41 /** Get the status string associated with a status code.
42 * No I18N - return the messages defined in the HTTP spec.
43 * ( the user isn't supposed to see them, this is the last
44 * thing to translate)
45 *
46 * Common messages are cached.
47 *
48 */
49 public static String getMessage( int status ) {
50 // method from Response.
51
52 // Does HTTP requires/allow international messages or
53 // are pre-defined? The user doesn't see them most of the time
54 switch( status ) {
55 case 200:
56 if( st_200==null ) st_200=sm.getString( "sc.200");
57 return st_200;
58 case 302:
59 if( st_302==null ) st_302=sm.getString( "sc.302");
60 return st_302;
61 case 400:
62 if( st_400==null ) st_400=sm.getString( "sc.400");
63 return st_400;
64 case 404:
65 if( st_404==null ) st_404=sm.getString( "sc.404");
66 return st_404;
67 }
68 return sm.getString("sc."+ status);
69 }
70
71 /**
72 * Filter the specified message string for characters that are sensitive
73 * in HTML. This avoids potential attacks caused by including JavaScript
74 * codes in the request URL that is often reported in error messages.
75 *
76 * @param message The message string to be filtered
77 */
78 public static String filter(String message) {
79
80 if (message == null)
81 return (null);
82
83 char content[] = new char[message.length()];
84 message.getChars(0, message.length(), content, 0);
85 StringBuffer result = new StringBuffer(content.length + 50);
86 for (int i = 0; i < content.length; i++) {
87 switch (content[i]) {
88 case '<':
89 result.append("<");
90 break;
91 case '>':
92 result.append(">");
93 break;
94 case '&':
95 result.append("&");
96 break;
97 case '"':
98 result.append(""");
99 break;
100 default:
101 result.append(content[i]);
102 }
103 }
104 return (result.toString());
105 }
106
107 }
Save This Page