001/* 002 * Copyright 2002-2018 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * https://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.web.util; 018 019/** 020 * Utility class for JavaScript escaping. 021 * Escapes based on the JavaScript 1.5 recommendation. 022 * 023 * <p>Reference: 024 * <a href="https://developer.mozilla.org/en-US/docs/JavaScript/Guide/Values,_variables,_and_literals#String_literals"> 025 * JavaScript Guide</a> on Mozilla Developer Network. 026 * 027 * @author Juergen Hoeller 028 * @author Rob Harrop 029 * @author Rossen Stoyanchev 030 * @since 1.1.1 031 */ 032public abstract class JavaScriptUtils { 033 034 /** 035 * Turn JavaScript special characters into escaped characters. 036 * @param input the input string 037 * @return the string with escaped characters 038 */ 039 public static String javaScriptEscape(String input) { 040 StringBuilder filtered = new StringBuilder(input.length()); 041 char prevChar = '\u0000'; 042 char c; 043 for (int i = 0; i < input.length(); i++) { 044 c = input.charAt(i); 045 if (c == '"') { 046 filtered.append("\\\""); 047 } 048 else if (c == '\'') { 049 filtered.append("\\'"); 050 } 051 else if (c == '\\') { 052 filtered.append("\\\\"); 053 } 054 else if (c == '/') { 055 filtered.append("\\/"); 056 } 057 else if (c == '\t') { 058 filtered.append("\\t"); 059 } 060 else if (c == '\n') { 061 if (prevChar != '\r') { 062 filtered.append("\\n"); 063 } 064 } 065 else if (c == '\r') { 066 filtered.append("\\n"); 067 } 068 else if (c == '\f') { 069 filtered.append("\\f"); 070 } 071 else if (c == '\b') { 072 filtered.append("\\b"); 073 } 074 // No '\v' in Java, use octal value for VT ascii char 075 else if (c == '\013') { 076 filtered.append("\\v"); 077 } 078 else if (c == '<') { 079 filtered.append("\\u003C"); 080 } 081 else if (c == '>') { 082 filtered.append("\\u003E"); 083 } 084 // Unicode for PS (line terminator in ECMA-262) 085 else if (c == '\u2028') { 086 filtered.append("\\u2028"); 087 } 088 // Unicode for LS (line terminator in ECMA-262) 089 else if (c == '\u2029') { 090 filtered.append("\\u2029"); 091 } 092 else { 093 filtered.append(c); 094 } 095 prevChar = c; 096 097 } 098 return filtered.toString(); 099 } 100 101}