+package de.juplo.facebook.aspects;
+
+
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+
+/**
+ * @author Kai Moritz
+ */
+@Aspect
+public class SanitizeAspect
+{
+ private static final Logger log =
+ LoggerFactory.getLogger(SanitizeAspect.class);
+
+
+ /**
+ * This method sanitizes the given string in all means:
+ * <ul>
+ * <li>It removes leading and trailing whitspace.</li>
+ * <li>It removes characters, that are not allowed in the XML-output</li>
+ * <li>It checks the allowed length of the string</li>
+ * </ul>
+ *
+ * This method ensures that the output String has only
+ * valid XML unicode characters as specified by the
+ * XML 1.0 standard. For reference, please see
+ * <a href="http://www.w3.org/TR/2000/REC-xml-20001006#NT-Char">the
+ * standard</a>. This method will return an empty
+ * String if the input is null or empty.
+ *
+ * @param jp The join-point captured by AspectJ.
+ * @param in The String whose non-valid characters we want to remove.
+ * @param sanitize The annotation, the field was marked with.
+ * @see <a href="http://blog.mark-mclaren.info/2007/02/invalid-xml-characters-when-valid-utf8_5873.html">Invalid XML Characters: when valid UTF8 does not mean valid XML</a>
+ * @see <a href="http://up-download.de/up/docs/werkstatt/de/intrexx-werkstatt-ungueltige-zeichen-in-eingabefeldern-abfangen.pdf">Ungültige Zeichen in Eingabefeldern abfangen</a>
+ */
+ @Around("set(String *) && args(in) && @annotation(sanitize)")
+ public void sanitize(
+ ProceedingJoinPoint jp,
+ String in,
+ Sanitize sanitize
+ )
+ throws Throwable
+ {
+ if (in == null)
+ {
+ jp.proceed(new Object[] { null });
+ return;
+ }
+
+ in = in.trim();
+ if ("".equals(in))
+ {
+ jp.proceed(new Object[] { null });
+ return;
+ }
+
+ StringBuilder out = new StringBuilder(); // Used to hold the output.
+ char current; // Used to reference the current character.
+
+ for (int i = 0; i < in.length(); i++)
+ {
+ current = in.charAt(i); // NOTE: No IndexOutOfBoundsException caught here; it should not happen.
+ if ((current == 0x9) ||
+ (current == 0xA) ||
+ (current == 0xD) ||
+ ((current >= 0x20) && (current <= 0xD7FF)) ||
+ ((current >= 0xE000) && (current <= 0xFFFD)) ||
+ ((current >= 0x10000) && (current <= 0x10FFFF)))
+ out.append(current);
+ }
+ if (out.length() > sanitize.length())
+ {
+ log.error(
+ "Maximum length for attribute {} exceeded: should={}, was={}",
+ jp.getSignature().getName(),
+ sanitize.length(),
+ out.length()
+ );
+ if (sanitize.fail())
+ throw new RuntimeException("String is longer than " + sanitize.length());
+ else
+ out.setLength(sanitize.length());
+ }
+ jp.proceed(new Object[] { out.toString() });
+ }
+}