      1 /*
      2  * Copyright (C) 2010 Google Inc.
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  * http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package com.google.clearsilver.jsilver.functions.html;
     18 
     19 import java.io.IOException;
     20 
     21 /**
     22  * Validates that input string is a valid URI. If it is not valid, the string {@code #} is returned.
     23  * If it is valid, the characters [\n\r\\'"()<>*] are URL encoded to ensure the string can be safely
     24  * inserted in a CSS URL context. In particular:
     25  * <ol>
     26  * <li>In an '@import url("URL");' statement
     27  * <li>In a CSS property such as 'background: url("URL");'
     28  * </ol>
     29  * In both cases, enclosing quotes are optional but parentheses are not. This filter ensures that
     30  * the URL cannot exit the parens enclosure, close a STYLE tag or reset the browser's CSS parser
     31  * (via comments or newlines).
     32  * <p>
     33  * References:
     34  * <ol>
     35  * <li>CSS 2.1 URLs: http://www.w3.org/TR/CSS21/syndata.html#url
     36  * <li>CSS 1 URLs: http://www.w3.org/TR/REC-CSS1/#url
     37  * </ol>
     38  *
     39  * @see BaseUrlValidateFunction
     40  */
     public class CssUrlValidateFunction extends BaseUrlValidateFunction {

       /**
        * Copies {@code in} to {@code out}, percent-encoding the characters that are unsafe inside a
        * CSS {@code url(...)} value: newline, carriage return, both quote characters, parentheses,
        * {@code *}, angle brackets and backslash. Every other character is appended unchanged.
        * <p>
        * {@code %} is not in the encoded set, so percent-escapes already present in the input pass
        * through as they are. Nothing in this method validates the URI or its scheme.
        * <p>
        * NOTE(review): presumably this is the escaping hook that {@link BaseUrlValidateFunction} calls
        * once the input has passed validation; the base class is not shown here, so confirm there.
        *
        * @param in the URL text to escape
        * @param out the sink that receives the escaped text
        * @throws IOException if an append to {@code out} fails
        */
       protected void applyEscaping(String in, Appendable out) throws IOException {
         final int length = in.length();
         int pos = 0;
         while (pos < length) {
           final char current = in.charAt(pos++);
           final String encoded = percentEncodingFor(current);
           if (encoded == null) {
             // Not one of the special characters: emit it untouched.
             out.append(current);
           } else {
             out.append(encoded);
           }
         }
       }

       /**
        * Returns the percent-encoded replacement for {@code ch}, or {@code null} when {@code ch} is
        * not one of the characters this filter rewrites.
        */
       private static String percentEncodingFor(char ch) {
         switch (ch) {
           // Line breaks: encoded so the value cannot reset the CSS parser via a newline.
           case '\n':
             return "%0A";
           case '\r':
             return "%0D";
           // Quotes and parentheses: encoded so the value cannot leave the url(...) enclosure.
           case '"':
             return "%22";
           case '\'':
             return "%27";
           case '(':
             return "%28";
           case ')':
             return "%29";
           // Asterisk: appears in both CSS comment delimiters, so encoding it blocks comments.
           case '*':
             return "%2A";
           // Angle brackets: encoded so the value cannot close the surrounding STYLE tag.
           case '<':
             return "%3C";
           case '>':
             return "%3E";
           // Backslash: presumably encoded because it starts a CSS escape sequence.
           case '\\':
             return "%5C";
           default:
             return null;
         }
       }

     }
     84