src/com/google/clearsilver/jsilver/functions/escape/JsValidateUnquotedLiteral.java - platform/external/jsilver - Git at Google

 /*
  * Copyright (C) 2010 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.google.clearsilver.jsilver.functions.escape;

 import com.google.clearsilver.jsilver.functions.TextFilter;

 import java.io.IOException;

 /**
  * This function will be used to sanitize variables introduced into javascript that are not string
  * literals. e.g. <script> var x = <?cs var: x ?> </script>
  *
  * Currently it only accepts boolean and numeric literals. All other values are replaced with a
  * 'null'. This behavior may be extended if required at a later time. This replicates the
  * autoescaping behavior of Clearsilver.
  */
 public class JsValidateUnquotedLiteral implements TextFilter {

   public void filter(String in, Appendable out) throws IOException {
     /* Permit boolean literals */
     if (in.equals("true") || in.equals("false")) {
       out.append(in);
       return;
     }

     boolean valid = true;
     if (in.startsWith("0x") || in.startsWith("0X")) {

       /*
        * There must be at least one hex digit after the 0x for it to be valid. Hex number. Check
        * that it is of the form 0(x|X)[0-9A-Fa-f]+
        */
       for (int i = 2; i < in.length(); i++) {
         char c = in.charAt(i);
         if (!((c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') || (c >= '0' && c <= '9'))) {
           valid = false;
           break;
         }
       }
     } else {
       /*
        * Must be a base-10 (or octal) number. Check that it has the form [0-9+-.eE]+
        */
       for (int i = 0; i < in.length(); i++) {
         char c = in.charAt(i);
         if (!((c >= '0' && c <= '9') || c == '+' || c == '-' || c == '.' || c == 'e' || c == 'E')) {
           valid = false;
           break;
         }
       }
     }

     if (valid) {
       out.append(in);
     } else {
       out.append("null");
     }
   }

 }
	/*
	* Copyright (C) 2010 Google Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.google.clearsilver.jsilver.functions.escape;

	import com.google.clearsilver.jsilver.functions.TextFilter;

	import java.io.IOException;

	/**
	* This function will be used to sanitize variables introduced into javascript that are not string
	* literals. e.g. <script> var x = <?cs var: x ?> </script>
	*
	* Currently it only accepts boolean and numeric literals. All other values are replaced with a
	* 'null'. This behavior may be extended if required at a later time. This replicates the
	* autoescaping behavior of Clearsilver.
	*/
	public class JsValidateUnquotedLiteral implements TextFilter {

	public void filter(String in, Appendable out) throws IOException {
	/* Permit boolean literals */
	if (in.equals("true") \|\| in.equals("false")) {
	out.append(in);
	return;
	}

	boolean valid = true;
	if (in.startsWith("0x") \|\| in.startsWith("0X")) {

	/*
	* There must be at least one hex digit after the 0x for it to be valid. Hex number. Check
	* that it is of the form 0(x\|X)[0-9A-Fa-f]+
	*/
	for (int i = 2; i < in.length(); i++) {
	char c = in.charAt(i);
	if (!((c >= 'a' && c <= 'f') \|\| (c >= 'A' && c <= 'F') \|\| (c >= '0' && c <= '9'))) {
	valid = false;
	break;
	}
	}
	} else {
	/*
	* Must be a base-10 (or octal) number. Check that it has the form [0-9+-.eE]+
	*/
	for (int i = 0; i < in.length(); i++) {
	char c = in.charAt(i);
	if (!((c >= '0' && c <= '9') \|\| c == '+' \|\| c == '-' \|\| c == '.' \|\| c == 'e' \|\| c == 'E')) {
	valid = false;
	break;
	}
	}
	}

	if (valid) {
	out.append(in);
	} else {
	out.append("null");
	}
	}

	}