001/* 002 * Copyright 2002-2017 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * https://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.web.util; 018 019/** 020 * Utility class for JavaScript escaping. 021 * Escapes based on the JavaScript 1.5 recommendation. 022 * 023 * <p>Reference: 024 * <a href="https://developer.mozilla.org/en-US/docs/JavaScript/Guide/Values,_variables,_and_literals#String_literals"> 025 * JavaScript Guide</a> on Mozilla Developer Network. 026 * 027 * @author Juergen Hoeller 028 * @author Rob Harrop 029 * @author Rossen Stoyanchev 030 * @since 1.1.1 031 */ 032public class JavaScriptUtils { 033 034 /** 035 * Turn JavaScript special characters into escaped characters. 036 * @param input the input string 037 * @return the string with escaped characters 038 */ 039 public static String javaScriptEscape(String input) { 040 if (input == null) { 041 return input; 042 } 043 044 StringBuilder filtered = new StringBuilder(input.length()); 045 char prevChar = '\u0000'; 046 char c; 047 for (int i = 0; i < input.length(); i++) { 048 c = input.charAt(i); 049 if (c == '"') { 050 filtered.append("\\\""); 051 } 052 else if (c == '\'') { 053 filtered.append("\\'"); 054 } 055 else if (c == '\\') { 056 filtered.append("\\\\"); 057 } 058 else if (c == '/') { 059 filtered.append("\\/"); 060 } 061 else if (c == '\t') { 062 filtered.append("\\t"); 063 } 064 else if (c == '\n') { 065 if (prevChar != '\r') { 066 filtered.append("\\n"); 067 } 068 } 069 else if (c == '\r') { 070 filtered.append("\\n"); 071 } 072 else if (c == '\f') { 073 filtered.append("\\f"); 074 } 075 else if (c == '\b') { 076 filtered.append("\\b"); 077 } 078 // No '\v' in Java, use octal value for VT ascii char 079 else if (c == '\013') { 080 filtered.append("\\v"); 081 } 082 else if (c == '<') { 083 filtered.append("\\u003C"); 084 } 085 else if (c == '>') { 086 filtered.append("\\u003E"); 087 } 088 // Unicode for PS (line terminator in ECMA-262) 089 else if (c == '\u2028') { 090 filtered.append("\\u2028"); 091 } 092 // Unicode for LS (line terminator in ECMA-262) 093 else if (c == '\u2029') { 094 filtered.append("\\u2029"); 095 } 096 else { 097 filtered.append(c); 098 } 099 prevChar = c; 100 101 } 102 return filtered.toString(); 103 } 104 105}