Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
爱吃血肠
spring-framework
提交
7a7df663
S
spring-framework
项目概览
爱吃血肠
/
spring-framework
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
spring-framework
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
7a7df663
编写于
2月 15, 2013
作者:
R
Rossen Stoyanchev
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update JavaScriptUtils
Add escaping for <, >, and PS/LS line terminators Issue: SPR-9983
上级
63bff1f0
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
95 addition
and
7 deletion
+95
-7
org.springframework.web/src/main/java/org/springframework/web/util/JavaScriptUtils.java
...in/java/org/springframework/web/util/JavaScriptUtils.java
+28
-7
org.springframework.web/src/test/java/org/springframework/web/util/JavaScriptUtilsTests.java
...va/org/springframework/web/util/JavaScriptUtilsTests.java
+67
-0
未找到文件。
org.springframework.web/src/main/java/org/springframework/web/util/JavaScriptUtils.java
浏览文件 @
7a7df663
/*
* Copyright 2002-20
08
the original author or authors.
* Copyright 2002-20
13
the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -21,21 +21,21 @@ package org.springframework.web.util;
* Escapes based on the JavaScript 1.5 recommendation.
*
* <p>Reference:
* <a href="http://developer.mozilla.org/en/docs/Core_JavaScript_1.5_Guide:Literals#String_Literals">
* Core JavaScript 1.5 Guide
* </a>
* <a href="https://developer.mozilla.org/en-US/docs/JavaScript/Guide/Values,_variables,_and_literals#String_literals">
* JavaScript Guide</a> on Mozilla Developer Network.
*
* @author Juergen Hoeller
* @author Rob Harrop
* @author Rossen Stoyanchev
* @since 1.1.1
*/
public
class
JavaScriptUtils
{
/**
* Turn
special characters into escaped characters conforming to JavaScript
.
*
Handles complete character set defined in HTML 4.01 recommendation.
* Turn
JavaScript special characters into escaped characters
.
*
* @param input the input string
* @return the
escaped string
* @return the
string with escaped characters
*/
public
static
String
javaScriptEscape
(
String
input
)
{
if
(
input
==
null
)
{
...
...
@@ -73,6 +73,27 @@ public class JavaScriptUtils {
else
if
(
c
==
'\f'
)
{
filtered
.
append
(
"\\f"
);
}
else
if
(
c
==
'\b'
)
{
filtered
.
append
(
"\\b"
);
}
// No '\v' in Java, use octal value for VT ascii char
else
if
(
c
==
'\
013
'
)
{
filtered
.
append
(
"\\v"
);
}
else
if
(
c
==
'<'
)
{
filtered
.
append
(
"\\u003C"
);
}
else
if
(
c
==
'>'
)
{
filtered
.
append
(
"\\u003E"
);
}
// Unicode for PS (line terminator in ECMA-262)
else
if
(
c
==
'\u2028'
)
{
filtered
.
append
(
"\\u2028"
);
}
// Unicode for LS (line terminator in ECMA-262)
else
if
(
c
==
'\u2029'
)
{
filtered
.
append
(
"\\u2029"
);
}
else
{
filtered
.
append
(
c
);
}
...
...
org.springframework.web/src/test/java/org/springframework/web/util/JavaScriptUtilsTests.java
0 → 100644
浏览文件 @
7a7df663
/*
* Copyright 2004-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.springframework.web.util
;
import
static
org
.
junit
.
Assert
.*;
import
java.io.UnsupportedEncodingException
;
import
org.junit.Test
;
/**
* Test fixture for {@link JavaScriptUtils}.
*
* @author Rossen Stoyanchev
*/
public
class
JavaScriptUtilsTests
{
@Test
public
void
escape
()
{
StringBuilder
sb
=
new
StringBuilder
();
sb
.
append
(
'"'
);
sb
.
append
(
"'"
);
sb
.
append
(
"\\"
);
sb
.
append
(
"/"
);
sb
.
append
(
"\t"
);
sb
.
append
(
"\n"
);
sb
.
append
(
"\r"
);
sb
.
append
(
"\f"
);
sb
.
append
(
"\b"
);
sb
.
append
(
"\013"
);
assertEquals
(
"\\\"\\'\\\\\\/\\t\\n\\n\\f\\b\\v"
,
JavaScriptUtils
.
javaScriptEscape
(
sb
.
toString
()));
}
// SPR-9983
@Test
public
void
escapePsLsLineTerminators
()
{
StringBuilder
sb
=
new
StringBuilder
();
sb
.
append
(
'\u2028'
);
sb
.
append
(
'\u2029'
);
String
result
=
JavaScriptUtils
.
javaScriptEscape
(
sb
.
toString
());
assertEquals
(
"\\u2028\\u2029"
,
result
);
}
// SPR-9983
@Test
public
void
escapeLessThanGreaterThanSigns
()
throws
UnsupportedEncodingException
{
assertEquals
(
"\\u003C\\u003E"
,
JavaScriptUtils
.
javaScriptEscape
(
"<>"
));
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录