escape in ABAP and JavaScript

ABAP

IF_HTTP_UTILITY~ESCAPE_URL

JavaScript

An open-source sanitizer library, made by Google.

https://www.npmjs.com/package/sanitizer
    var sanitizer = require('sanitizer');
    sanitizer.escape('your dirty string');

Used in C4C:

Using this JS library in Java:

    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.nio.charset.StandardCharsets;
    import javax.script.Bindings;
    import javax.script.ScriptContext;
    import javax.script.ScriptEngine;
    import javax.script.ScriptEngineManager;
    import javax.script.ScriptException;

    public class CajaSanitiser {
        private final ScriptEngine engine;
        private final Bindings bindings;

        public CajaSanitiser() throws IOException, ScriptException {
            // Needs a JavaScript engine on the JVM (Nashorn was bundled up to Java 14).
            this.engine = new ScriptEngineManager().getEngineByName("js");
            this.bindings = engine.getBindings(ScriptContext.ENGINE_SCOPE);
            // Load the minified Caja sanitizer shipped inside the caja jar.
            String scriptName = "com/google/caja/plugin/html-css-sanitizer-minified.js";
            try (BufferedReader reader = getReader(scriptName)) {
                engine.eval(reader);
            }
            // Pass-through policy used for both URLs and name tokens.
            String identity = "function identity(value) {return value;}";
            engine.eval(identity);
        }

        private BufferedReader getReader(String name) {
            return new BufferedReader(new InputStreamReader(
                    getClass().getClassLoader().getResourceAsStream(name),
                    StandardCharsets.UTF_8));
        }

        public String sanitise(String htmlSource) throws ScriptException {
            bindings.put("src", htmlSource);
            // You can use other functions beside 'identity' if you
            // want to transform the html.
            // See https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer
            return (String) engine.eval("html_sanitize(src, identity, identity)");
        }

        public static void main(String[] args) throws Exception {
            CajaSanitiser sanitiser = new CajaSanitiser();
            String source = "<html>\n" +
                    "<head>\n" +
                    "<style>\n" +
                    "h1 {color:blue;}\n" +
                    "</style>\n" +
                    "</head>\n" +
                    "<body>\n" +
                    "<h1>A heading</h1>\n" +
                    "</body>\n" +
                    "</html>";
            System.out.println("Original HTML with CSS:");
            System.out.println(source);
            System.out.println();
            System.out.println("Sanitised HTML:");
            System.out.println(sanitiser.sanitise(source));
        }
    }

Maven dependency:

    <dependencies>
        <dependency>
            <groupId>caja</groupId>
            <artifactId>caja</artifactId>
            <version>r5127</version>
        </dependency>
    </dependencies>
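
The page pairs a URL escaper on the ABAP side (ESCAPE_URL) with an HTML escaper on the JavaScript side (sanitizer.escape); the two protect different output contexts and are not interchangeable. The following is an added example, not code from the sanitizer package or the original article: escapeHtml, escapeUrlComponent, queryParams and renderSearchLink are hand-written stand-ins, and the example.invalid URL and sample strings are constructed.

```javascript
// Added example. escapeHtml/escapeUrlComponent are hand-written stand-ins,
// not the sanitizer package's implementation.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML context: neutralise characters that can open tags or close attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// URL context: percent-encode one query-string value so it cannot add parameters.
function escapeUrlComponent(value) {
  return encodeURIComponent(String(value));
}

// Parse the query string a server would see, with or without URL escaping.
function queryParams(baseUrl, term, urlEscape) {
  const value = urlEscape ? escapeUrlComponent(term) : term;
  return Object.fromEntries(new URL(baseUrl + '?q=' + value).searchParams);
}

// Correct layering for a link: URL-escape the value, then HTML-escape
// everything that is written into the markup (attribute and label).
function renderSearchLink(baseUrl, term) {
  const href = baseUrl + '?q=' + escapeUrlComponent(term);
  return '<a href="' + escapeHtml(href) + '">' + escapeHtml(term) + '</a>';
}

// Constructed sample inputs (example.invalid is a reserved placeholder host).
const BASE = 'https://example.invalid/search';
console.log(queryParams(BASE, 'x&role=admin', false)); // value splits into two parameters
console.log(queryParams(BASE, 'x&role=admin', true));  // stays one parameter
console.log(escapeUrlComponent("it's"));               // apostrophe untouched: not HTML-safe
console.log(renderSearchLink(BASE, 'a&b "<c>"'));
```
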

This article comes from Yunqi Community partner "汪子熙"; for related information, follow the WeChat official account "汪子熙".