org.javaWebGen.util
Class HtmlUtil

java.lang.Object
  org.javaWebGen.util.HtmlUtil

public class HtmlUtil
extends java.lang.Object

HTML helper methods

Version:

$Revision: 1.2 $

Author:

Kevin Scott

Constructor Summary

HtmlUtil()

Method Summary

static java.lang.String	htmlErrorMsg(java.lang.Throwable t) generates HTML to display an error message please note it displays the real stack trace in a HTML comment
static java.lang.String	setFormCheck()
static java.lang.String	stripEvilTags(java.lang.String html) removed Evil tags that can cause security problems.
static java.lang.String	stripTags(java.lang.String html) removed all tags( IE < > ) from input string This should be used on all input fields and anything pass on the URL to prevent cross site scripting attacks

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HtmlUtil

public HtmlUtil()

Method Detail

htmlErrorMsg

public static final java.lang.String htmlErrorMsg(java.lang.Throwable t)

generates HTML to display an error message please note it displays the real stack trace in a HTML comment

Parameters:

t - error

Returns:

html message

stripTags

public static final java.lang.String stripTags(java.lang.String html)

removed all tags( IE < > ) from input string This should be used on all input fields and anything pass on the URL to prevent cross site scripting attacks

Parameters:

html -

Returns:

text with TAGS removed

setFormCheck

public static final java.lang.String setFormCheck()

stripEvilTags

public static final java.lang.String stripEvilTags(java.lang.String html)

removed Evil tags that can cause security problems. Such as running code from a remote web sites.

Currently the following is removed:
• SCRIPT
• IFRAME
• IMAGE
• javascript:
• eval

Never trust what the browser sends you! to prevent cross site scripting attacks.

Parameters:

html -

Returns:

text with TAGS removed