51 "/ EscapeControlCharacters at:Character space put:' '. |
51 "/ EscapeControlCharacters at:Character space put:' '. |
52 EscapeControlCharacters at:$< put:'<'. |
52 EscapeControlCharacters at:$< put:'<'. |
53 EscapeControlCharacters at:$> put:'>'. |
53 EscapeControlCharacters at:$> put:'>'. |
54 EscapeControlCharacters at:$& put:'&'. |
54 EscapeControlCharacters at:$& put:'&'. |
55 EscapeControlCharacters at:$" put:'"'. |
55 EscapeControlCharacters at:$" put:'"'. |
|
56 "/ EscapeControlCharacters at:$' put:'''. |
56 ]. |
57 ]. |
57 ^ EscapeControlCharacters. |
58 ^ EscapeControlCharacters. |
58 ! |
59 ! |
59 |
60 |
60 escapeCharacterEntities:aString |
61 escapeCharacterEntities:aString |
240 self escape:'a b' |
241 self escape:'a b' |
241 self escape:'a+b' |
242 self escape:'a+b' |
242 " |
243 " |
243 ! |
244 ! |
244 |
245 |
245 withSpecialHTMLCharactersEscaped:aStringOrCharacter |
246 withAllSpecialHTMLCharactersEscaped:aStringOrCharacter |
246 "replace ampersand, less and greater by html-character escapes" |
247 "replace ampersand, less, greater and quotes by html-character escapes" |
247 |
248 |
248 "/ TODO: this is similar to escapeCharacterEntities. |
249 "/ TODO: this is similar to escapeCharacterEntities. |
249 "/ we should refactor this into one method only (can we do hex escapes always ?). |
250 "/ we should refactor this into one method only (can we do hex escapes always ?). |
250 "/ Notice, that these two methods came into existance due to historic reasons |
251 "/ Notice, that these two methods came into existance due to historic reasons |
251 "/ and were developed independent of each other, but later moved to this common place. |
252 "/ and were developed independent of each other, but later moved to this common place. |
252 |
253 |
253 |resultStream orgs repls| |
254 |resultStream| |
254 |
255 |
255 "/ orgs := #( $& $< $> ). |
256 "/ orgs := #( $& $< $> $" $'). |
256 "/ repls := #( '&' '<' '>' ). |
257 "/ repls := #( '&' '<' '>' " '). |
257 |
258 |
258 (aStringOrCharacter isString |
259 (aStringOrCharacter isString |
259 and:[ (aStringOrCharacter includesAny:'&<>') not ]) ifTrue:[^ aStringOrCharacter]. |
260 and:[ (aStringOrCharacter includesAny:'&<>') not ]) ifTrue:[^ aStringOrCharacter]. |
260 |
261 |
261 resultStream := WriteStream on:''. |
262 resultStream := WriteStream on:''. |
268 ifTrue:[ resultStream nextPutAll:'<' ] |
269 ifTrue:[ resultStream nextPutAll:'<' ] |
269 ifFalse:[ |
270 ifFalse:[ |
270 eachCharacter == $> |
271 eachCharacter == $> |
271 ifTrue:[ resultStream nextPutAll:'>' ] |
272 ifTrue:[ resultStream nextPutAll:'>' ] |
272 ifFalse:[ |
273 ifFalse:[ |
|
274 eachCharacter == $" |
|
275 ifTrue:[ resultStream nextPutAll:'"' ] |
|
276 ifFalse:[ |
|
277 eachCharacter == $' |
|
278 ifTrue:[ resultStream nextPutAll:''' ] |
|
279 ifFalse:[ |
273 resultStream nextPut:eachCharacter |
280 resultStream nextPut:eachCharacter |
274 ]]]. |
281 ]]]]]. |
275 ]. |
282 ]. |
276 ^ resultStream contents |
283 ^ resultStream contents |
277 |
284 |
278 " |
285 " |
279 self withSpecialHTMLCharactersEscaped:'<>#&' |
286 self withSpecialHTMLCharactersEscaped:'<>#&' |
280 self withSpecialHTMLCharactersEscaped:$< |
287 self withSpecialHTMLCharactersEscaped:$< |
281 self withSpecialHTMLCharactersEscaped:$# |
288 self withSpecialHTMLCharactersEscaped:$# |
282 " |
289 " |
283 |
290 |
284 "Modified: / 05-12-2006 / 13:48:59 / cg" |
291 "Modified: / 05-12-2006 / 13:48:59 / cg" |
|
292 ! |
|
293 |
|
294 withSpecialHTMLCharactersEscaped:aStringOrCharacter |
|
295 "replace ampersand, less and greater by html-character escapes" |
|
296 |
|
297 "/ TODO: this is similar to escapeCharacterEntities. |
|
298 "/ we should refactor this into one method only (can we do hex escapes always ?). |
|
299 "/ Notice, that these two methods came into existance due to historic reasons |
|
300 "/ and were developed independent of each other, but later moved to this common place. |
|
301 |
|
302 |resultStream orgs repls| |
|
303 |
|
304 "/ orgs := #( $& $< $> ). |
|
305 "/ repls := #( '&' '<' '>' ). |
|
306 |
|
307 (aStringOrCharacter isString |
|
308 and:[ (aStringOrCharacter includesAny:'&<>') not ]) ifTrue:[^ aStringOrCharacter]. |
|
309 |
|
310 resultStream := WriteStream on:''. |
|
311 aStringOrCharacter asString do:[:eachCharacter | |
|
312 "/ huh - a switch. Sorry, but this method is used heavily. |
|
313 eachCharacter == $& |
|
314 ifTrue:[ resultStream nextPutAll:'&' ] |
|
315 ifFalse:[ |
|
316 eachCharacter == $< |
|
317 ifTrue:[ resultStream nextPutAll:'<' ] |
|
318 ifFalse:[ |
|
319 eachCharacter == $> |
|
320 ifTrue:[ resultStream nextPutAll:'>' ] |
|
321 ifFalse:[ |
|
322 resultStream nextPut:eachCharacter |
|
323 ]]]. |
|
324 ]. |
|
325 ^ resultStream contents |
|
326 |
|
327 " |
|
328 self withSpecialHTMLCharactersEscaped:'<>#&' |
|
329 self withSpecialHTMLCharactersEscaped:$< |
|
330 self withSpecialHTMLCharactersEscaped:$# |
|
331 " |
|
332 |
|
333 "Modified: / 05-12-2006 / 13:48:59 / cg" |
285 ! ! |
334 ! ! |
286 |
335 |
287 !HTMLUtilities class methodsFor:'serving-helpers'! |
336 !HTMLUtilities class methodsFor:'serving-helpers'! |
288 |
337 |
289 escape:aString |
338 escape:aString |
290 "helper to escape invalid/dangerous characters in an urls arguments or post-fields. |
339 "helper to escape invalid/dangerous characters in an url's arguments or post-fields. |
291 These are: |
340 These are: |
292 control characters, '+', ';', '?', '&' and space -> %XX ascii as hex digits |
341 control characters, '+', ';', '?', '&' and space -> %XX ascii as hex digits |
293 % -> %% |
342 % -> %% |
294 " |
343 " |
295 |
344 |
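Review bot: The early-return guard in the new `withAllSpecialHTMLCharactersEscaped:` (new line 260) still tests only `includesAny:'&<>'`, so a string that contains quotes but none of those three characters is returned unchanged and never reaches the new `$"` and `$'` branches at new lines 274–279. A caller that picks the "All" variant for an attribute value would get such input back with its quotes intact, so the guard should cover the same set as the switch, e.g. `and:[ (aStringOrCharacter includesAny:'&<>"''') not ]) ifTrue:[^ aStringOrCharacter].` The example comment at new lines 286–288 still calls `withSpecialHTMLCharactersEscaped:`; it should use the new selector and include a quote-only input such as `self withAllSpecialHTMLCharactersEscaped:'a"b'`, so that the fast path is exercised. The replacement strings are shown entity-decoded on this page, so I could not check the emitted `&…;` text for the two quote characters; that is worth confirming in the file itself.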