protected String escapeForJavaScript(String str) { try { str = StringEscapeUtils.escapeJavaScript(str); } catch (Exception e) { logger.error("Failed to escape", e); str = null; } return str; }
/** * <p>Escapes the characters in a <code>String</code> using Java String rules to * a <code>Writer</code>.</p> * <p/> * <p>A <code>null</code> string input has no effect.</p> * * @param out Writer to write escaped string into * @param str String to escape values in, may be null * @throws IllegalArgumentException if the Writer is <code>null</code> * @throws IOException if error occurs on underlying Writer * @see #escapeJava(java.lang.String) */ public static void escapeJava(Writer out, String str) throws IOException { escapeJavaStyleString(out, str, false, false); }
/** * <p>Unescapes any JavaScript literals found in the <code>String</code>.</p> * <p/> * <p>For example, it will turn a sequence of <code>'\'</code> and <code>'n'</code> * into a newline character, unless the <code>'\'</code> is preceded by another * <code>'\'</code>.</p> * * @param str the <code>String</code> to unescape, may be null * @return A new unescaped <code>String</code>, <code>null</code> if null string input * @see #unescapeJava(String) */ public static String unescapeJavaScript(String str) throws Exception { return unescapeJava(str); }
@Override public byte[] transformPayload(AtmosphereResponse response, byte[] responseDraft, byte[] data) throws IOException { String charEncoding = response.getCharacterEncoding() == null ? "UTF-8" : response.getCharacterEncoding(); String s = new String(responseDraft, charEncoding); // Ugly. if (s.equalsIgnoreCase("h") || s.equals("c") || (s.equals("o\n") && r.transport().equals(AtmosphereResource.TRANSPORT.WEBSOCKET))) { return s.getBytes(); } if (!s.isEmpty()) { try { if (transport.equals(JSONP)) { return ("a" + s).getBytes(charEncoding); } else if (transport.equals(HTMLFILE)) { StringBuilder sb = new StringBuilder(); sb.append("<script>\np(") .append("\"") .append(StringEscapeUtils.escapeJavaScript("a[\"" + StringEscapeUtils.escapeJavaScript(s) + "\"]\n")) .append("\")</script>\n"); return (sb.toString()).getBytes(charEncoding); } else { return ("a[\"" + StringEscapeUtils.escapeJavaScript(s) + "\"]\n").getBytes(charEncoding); } } catch (Exception e) { logger.error("", e); return "".getBytes(); } } return s.getBytes(); } });
/** * <p>Escapes the characters in a <code>String</code> using JavaScript String rules * to a <code>Writer</code>.</p> * <p/> * <p>A <code>null</code> string input has no effect.</p> * * @param out Writer to write escaped string into * @param str String to escape values in, may be null * @throws IllegalArgumentException if the Writer is <code>null</code> * @throws IOException if error occurs on underlying Writer * @see #escapeJavaScript(java.lang.String) */ public static void escapeJavaScript(Writer out, String str) throws Exception { escapeJavaStyleString(out, str, true, true); }
/** * <p>Unescapes any JavaScript literals found in the <code>String</code> to a * <code>Writer</code>.</p> * <p/> * <p>For example, it will turn a sequence of <code>'\'</code> and <code>'n'</code> * into a newline character, unless the <code>'\'</code> is preceded by another * <code>'\'</code>.</p> * <p/> * <p>A <code>null</code> string input has no effect.</p> * * @param out the <code>Writer</code> used to output unescaped characters * @param str the <code>String</code> to unescape, may be null * @throws IllegalArgumentException if the Writer is <code>null</code> * @throws IOException if error occurs on underlying Writer * @see #unescapeJava(Writer, String) */ public static void unescapeJavaScript(Writer out, String str) throws Exception { unescapeJava(out, str); }
/** * <p>Escapes the characters in a <code>String</code> using JavaScript String rules.</p> * <p>Escapes any values it finds into their JavaScript String form. * Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.) </p> * <p/> * <p>So a tab becomes the characters <code>'\\'</code> and * <code>'t'</code>.</p> * <p/> * <p>The only difference between Java strings and JavaScript strings * is that in JavaScript, a single quote must be escaped.</p> * <p/> * <p>Example: * <pre> * input string: He didn't say, "Stop!" * output string: He didn\'t say, \"Stop!\" * </pre> * </p> * * @param str String to escape values in, may be null * @return String with escaped values, <code>null</code> if null string input */ public static String escapeJavaScript(String str) throws Exception { return escapeJavaStyleString(str, true, true); }
/** * <p>Unescapes any Java literals found in the <code>String</code>. * For example, it will turn a sequence of <code>'\'</code> and * <code>'n'</code> into a newline character, unless the <code>'\'</code> * is preceded by another <code>'\'</code>.</p> * * @param str the <code>String</code> to unescape, may be null * @return a new unescaped <code>String</code>, <code>null</code> if null string input */ public static String unescapeJava(String str) throws Exception { if (str == null) { return null; } StringWriter writer = new StringWriter(str.length()); unescapeJava(writer, str); return writer.toString(); }
/** * <p>Escapes the characters in a <code>String</code> using Java String rules.</p> * <p/> * <p>Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.) </p> * <p/> * <p>So a tab becomes the characters <code>'\\'</code> and * <code>'t'</code>.</p> * <p/> * <p>The only difference between Java strings and JavaScript strings * is that in JavaScript, a single quote must be escaped.</p> * <p/> * <p>Example: * <pre> * input string: He didn't say, "Stop!" * output string: He didn't say, \"Stop!\" * </pre> * </p> * * @param str String to escape values in, may be null * @return String with escaped values, <code>null</code> if null string input */ public static String escapeJava(String str) throws Exception { return escapeJavaStyleString(str, false, false); }
/** * <p>Worker method for the {@link #escapeJavaScript(String)} method.</p> * * @param str String to escape values in, may be null * @param escapeSingleQuotes escapes single quotes if <code>true</code> * @param escapeForwardSlash TODO * @return the escaped string */ private static String escapeJavaStyleString(String str, boolean escapeSingleQuotes, boolean escapeForwardSlash) throws Exception { if (str == null) { return null; } StringWriter writer = new StringWriter(str.length() * 2); escapeJavaStyleString(writer, str, escapeSingleQuotes, escapeForwardSlash); return writer.toString(); }