package com.vci.starter.web.toolmodel;

import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.JavaScriptUtils;

import java.beans.PropertyEditorSupport;

/**
 * Property editor meant to be registered through Spring MVC's {@code @InitBinder}.
 * It is used as an XSS mitigation: text handed to the editor is escaped for HTML
 * and/or JavaScript before it is stored as the editor's value.
 *
 * <p>NOTE(review): escaping is applied when the value is set, so the stored value is
 * the escaped form. A view that escapes on output as well would encode it a second
 * time; confirm how bound values are rendered. Only text that is converted through
 * this editor is escaped, so input reaching the application by any other path is
 * presumably not covered; verify against the binder registration.
 *
 * @author weidy
 */
public class StringEscapeEditor extends PropertyEditorSupport {

    /** Whether incoming text is HTML-escaped. */
    private final boolean escapeHTML;

    /** Whether incoming text is JavaScript-escaped. */
    private final boolean escapeJavaScript;

    /**
     * Creates an editor with both escaping modes switched off, so text is stored
     * unchanged.
     */
    public StringEscapeEditor() {
        this(false, false);
    }

    /**
     * Creates an editor with the given escaping modes.
     *
     * @param escapeHTML       {@code true} to HTML-escape incoming text
     * @param escapeJavaScript {@code true} to JavaScript-escape incoming text
     */
    public StringEscapeEditor(boolean escapeHTML, boolean escapeJavaScript) {
        super();
        this.escapeHTML = escapeHTML;
        this.escapeJavaScript = escapeJavaScript;
    }

    /**
     * Returns the current value as text.
     *
     * @return the value's {@code toString()} form, or an empty string when no value is set
     */
    @Override
    public String getAsText() {
        Object current = getValue();
        if (current == null) {
            return "";
        }
        return current.toString();
    }

    /**
     * Stores the given text as the editor's value after applying the enabled escapes.
     * A {@code null} text is stored as {@code null}.
     *
     * @param text the raw text before conversion; may be {@code null}
     * @throws IllegalArgumentException declared by the overridden method; nothing in
     *                                  this body throws it explicitly
     */
    @Override
    public void setAsText(String text) throws IllegalArgumentException {
        if (text == null) {
            setValue(null);
            return;
        }

        String escaped = text;
        // Order matters when both modes are on: HTML escaping runs first and the
        // JavaScript escape is then applied to the already HTML-escaped text.
        if (escapeHTML) {
            escaped = HtmlUtils.htmlEscape(escaped);
        }
        if (escapeJavaScript) {
            escaped = JavaScriptUtils.javaScriptEscape(escaped);
        }
        setValue(escaped);
    }
}