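}
    if (count == 0){
        // special case in which on first pass, we find there is nothing
        // to be replaced. No need to do a second pass or create a string buffer.
        return s;
    }
    length = stringLength - (count * (findLength - replaceLength));
}
int start = 0;
int end = s.indexOf(find, start);
if (end == -1){
    // nothing was found in the string to replace.
    // we can get this if the find and replace strings
    // are the same length because we didn't check before.
    // in this case, we will return the original string
    return s;
}
// it looks like we actually have something to replace
// *sigh* allocate memory for it.
StringBuffer sb = new StringBuffer(length);
// Scan s and do the replacements
while (end != -1) {
    sb.append(s.substring(start, end));
    sb.append(replace);
    start = end + findLength;
    end = s.indexOf(find, start);
}
end = stringLength;
sb.append(s.substring(start, end));
return (sb.toString());
}

/**
 * Replaces characters that an HTML parser could interpret as markup
 * with their character entity references.
 * <p>
 * Any data that will appear as text on a web page should be escaped
 * before it is written into the page. This is especially important for
 * data that comes from untrusted sources such as Internet users. A common
 * mistake is to ask a user for data and then put that data on a web page
 * unchanged:
 * <pre>
 * Server: What is your name?
 * User:   &lt;b&gt;Joe&lt;b&gt;
 * Server: Hello &lt;b&gt;Joe&lt;/b&gt;, Welcome</pre>
 * If the name is put on the page without escaping, the user can reformat
 * the page, insert scripts, and control the content served from your
 * web server.
 * <p>
 * The characters {@code "}, {@code '}, {@code &}, {@code <} and {@code >}
 * are replaced by {@code &quot;}, {@code &#39;}, {@code &amp;},
 * {@code &lt;} and {@code &gt;}. Control characters other than carriage
 * return, line feed, tab and form feed are removed. For example the data
 * {@code This is not a <tag> in HTML} becomes
 * {@code This is not a &lt;tag&gt; in HTML}, which a browser displays as
 * the original text.
 * <p>
 * This method should be used both for data displayed as text in the HTML
 * document and for data put in form element values ({@code value="..."}).
 * In the second case the browser resubmits the original characters to
 * your script in URL-encoded form (e.g. {@code "} as {@code %22}), so no
 * extra decoding step is needed on the server.
 * <p>
 * The escaping is correct for element content and for quoted attribute
 * values. It is not sufficient for unquoted attribute values, for URLs in
 * {@code href}/{@code src} attributes, or for data inserted into inline
 * scripts or style sheets; those contexts need their own encoding.
 *
 * @param s String to be escaped
 * @return escaped String; {@code s} itself when nothing needed escaping
 * @throws NullPointerException if s is null.
 */
public static String escapeHTML(String s){
    int length = s.length();
    int newLength = length;
    boolean changed = false;
    // First pass: find out whether anything must be escaped or dropped and
    // compute the exact output length so the buffer is allocated once.
    // A separate flag is kept because the length adjustments can cancel
    // out (a dropped control character counts -1, an entity counts +3..+5),
    // so "length == newLength" alone does not mean "nothing to do".
    for (int i=0; i<length; i++){
        char c = s.charAt(i);
        if (c < 32){
            if (!isHtmlSafeControl(c)){
                newLength -= 1;
                changed = true;
            }
        } else {
            String entity = htmlEntityFor(c);
            if (entity != null){
                newLength += entity.length() - 1;
                changed = true;
            }
        }
    }
    if (!changed){
        // nothing to escape in the string
        return s;
    }
    StringBuffer sb = new StringBuffer(newLength);
    for (int i=0; i<length; i++){
        char c = s.charAt(i);
        if (c < 32){
            // other control characters are removed
            if (isHtmlSafeControl(c)){
                sb.append(c);
            }
        } else {
            String entity = htmlEntityFor(c);
            if (entity == null){
                sb.append(c);
            } else {
                sb.append(entity);
            }
        }
    }
    return sb.toString();
}

/**
 * Whether a control character (code below 32) is kept verbatim by
 * {@link #escapeHTML(String)}: only carriage return, line feed, tab and
 * form feed survive; every other control character is dropped.
 *
 * @param c character to test
 * @return true if c is passed through unchanged
 */
private static boolean isHtmlSafeControl(char c){
    return c == '\r' || c == '\n' || c == '\t' || c == '\f';
}

/**
 * Entity reference for a character that is significant to an HTML
 * parser, or {@code null} if the character needs no escaping.
 * The apostrophe uses the numeric form {@code &#39;} because
 * {@code &apos;} is not defined in HTML 4.
 *
 * @param c character to look up
 * @return replacement text, or null
 */
private static String htmlEntityFor(char c){
    switch(c){
        case '\"': return "&quot;";
        case '\'': return "&#39;";
        case '&': return "&amp;";
        case '<': return "&lt;";
        case '>': return "&gt;";
        default: return null;
    }
}

/**
 * Replaces characters that may be confused by an SQL
 * parser with their equivalent escape characters.
 * <p>
 * Any data that will be put in an SQL query should
 * be escaped. This is especially important for data
 * that comes from untrusted sources such as Internet users.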
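 * <p>
 * For example if you had the following SQL query:<br>
 * <code>"SELECT * FROM addresses WHERE name='" + name + "' AND private='N'"</code><br>
 * Without this function a user could give <code>" OR 1=1 OR ''='"</code>
 * as their name causing the query to be:<br>
 * <code>"SELECT * FROM addresses WHERE name='' OR 1=1 OR ''='' AND private='N'"</code><br>
 * which will give all addresses, including private ones.<br>
 * Usage with escaping would be:<br>
 * <code>"SELECT * FROM addresses WHERE name='" + StringHelper.escapeSQL(name) + "' AND private='N'"</code><br>
 * <p>
 * The preferred way to avoid this problem is a {@link java.sql.PreparedStatement}
 * with placeholders, which does not rely on escaping at all. Use this method
 * only when building a literal is unavoidable, and keep its limits in mind:
 * it escapes backslash, double quote, single quote and NUL with a backslash,
 * which is what backslash-escaping SQL dialects expect; databases whose only
 * escape is a doubled quote are not protected by it. The escaped value must
 * be placed inside a quoted string literal; it does nothing for numeric or
 * identifier positions, and it does not limit the length of the data.
 *
 * @param s String to be escaped
 * @return escaped String; {@code s} itself when nothing needed escaping
 * @throws NullPointerException if s is null.
 */
public static String escapeSQL(String s){
    int length = s.length();
    int newLength = length;
    // First pass: compute the escaped length so the buffer is sized once.
    // Every escape sequence is exactly one character longer than its input.
    for (int i=0; i<length; i++){
        if (sqlEscapeFor(s.charAt(i)) != null){
            newLength += 1;
        }
    }
    if (length == newLength){
        // nothing to escape in the string
        return s;
    }
    StringBuffer sb = new StringBuffer(newLength);
    for (int i=0; i<length; i++){
        char c = s.charAt(i);
        String escaped = sqlEscapeFor(c);
        if (escaped == null){
            sb.append(c);
        } else {
            sb.append(escaped);
        }
    }
    return sb.toString();
}

/**
 * Backslash escape sequence for a character that is significant inside
 * a SQL string literal, or {@code null} if the character is left as is.
 *
 * @param c character to look up
 * @return replacement text, or null
 */
private static String sqlEscapeFor(char c){
    switch(c){
        case '\\': return "\\\\";
        case '\"': return "\\\"";
        case '\'': return "\\'";
        // Match the NUL character, not the digit '0': matching the digit
        // would corrupt every zero in ordinary data (e.g. "2024") while
        // leaving an embedded NUL unescaped.
        case '\0': return "\\0";
        default: return null;
    }
}

/**
 * Replaces characters that are not allowed in a Java style
 * string literal with their escape characters. Specifically
 * double quote ("), single quote ('), new line (\n), carriage return (\r),
 * tab (\t) and backslash (\) are escaped. Other control characters and
 * non-ASCII characters are left unchanged, so the result is only safe to
 * paste into source if the rest of the text is acceptable as is.
 *
 * @param s String to be escaped
 * @return escaped String; {@code s} itself when nothing needed escaping
 * @throws NullPointerException if s is null.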
 */
public static String escapeJavaLiteral(String s){
    int length = s.length();
    // Count the characters that need a backslash; each escape sequence is
    // exactly one character longer than the character it replaces.
    int extra = 0;
    for (int i=0; i<length; i++){
        if (javaLiteralEscapeFor(s.charAt(i)) != null){
            extra++;
        }
    }
    if (extra == 0){
        // nothing to escape: hand back the original instance
        return s;
    }
    StringBuffer out = new StringBuffer(length + extra);
    for (int i=0; i<length; i++){
        char ch = s.charAt(i);
        String esc = javaLiteralEscapeFor(ch);
        if (esc == null){
            out.append(ch);
        } else {
            out.append(esc);
        }
    }
    return out.toString();
}

/**
 * Escape sequence for a character that must not appear bare in a Java
 * string literal, or {@code null} if the character is written as is.
 *
 * @param ch character to look up
 * @return replacement text, or null
 */
private static String javaLiteralEscapeFor(char ch){
    switch(ch){
        case '\"': return "\\\"";
        case '\'': return "\\'";
        case '\n': return "\\n";
        case '\r': return "\\r";
        case '\t': return "\\t";
        case '\\': return "\\\\";
        default: return null;
    }
}

/**
 * Trim any of the characters contained in the second
 * string from the beginning and end of the first.
 *
 * @param s String to be trimmed.
 * @param c list of characters to trim from s.
 * @return trimmed String.
 * @throws NullPointerException if s is null.
 */
public static String trim(String s, String c){
    int length = s.length();
    if (c == null){
        return s;
    }
    int cLength = c.length();
    if (c.length() == 0){
        return s;
    }
    int start = 0;
    int end = length;
    boolean found; // trim-able character found.
    int i;
    // Start from the beginning and find the
    // first non-trim-able character.
    found = false;
    for (i=0; !found && i<length; i++){
        char ch = s.charAt(i);
        found = true;
        for (int j=0; found && j<cLength; j++){
            if (c.charAt(j) == ch) found = false;
        }
    }