Version 4.10.0
public interface PermittedCharacters
Characters accepted by the SafeText class.
This interface exists because it is important for a web application to defend strongly against Cross-Site Scripting (XSS) -- likely the single most prevalent form of attack on the web.
As the principal line of defense against XSS, WEB4J provides the SafeText class, to be used to model all free form user input. SafeText escapes a large number of special characters. If they are contained in a SafeText object, any scripts that depend on one or more of these special characters will very likely be rendered unexecutable.
As a second line of defense, this interface permits you to specify exactly which characters should be accepted by the SafeText constructor. This is often called a 'white list' of acceptable characters.
The default implementation of this interface (PermittedCharactersImpl) should be useful for a wide range of applications.
| Method Summary | |
|---|---|
| boolean | isPermitted(int aCodePoint) Return true only if the given character is to be permitted by SafeText. |
Method Detail
boolean isPermitted(int aCodePoint)
Return true only if the given character is to be permitted by SafeText.
aCodePoint - character in the text being passed to the SafeText constructor. The text, in turn, may come from user input, or from the database. For more information on code points, please see Character. (Code points are used instead of char since they are more general than char.)
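A custom white list, as an added example that is not part of the WEB4J documentation or code base. The nested interface is a local stand-in with the signature documented above so the file compiles alone; the class names, the punctuation set and the sample strings are assumptions, and wiring the implementation into WEB4J is not shown.

```java
import java.util.ArrayList;
import java.util.List;

public class PermittedCharactersExample {

  /** Local stand-in with the same signature as the interface documented on this page. */
  interface PermittedCharacters {
    boolean isPermitted(int aCodePoint);
  }

  /** Hypothetical white list: letters and digits of any script, space, light punctuation. */
  static final class StrictWhiteList implements PermittedCharacters {
    private static final String PUNCTUATION = ".,'-?!";
    @Override public boolean isPermitted(int aCodePoint) {
      return Character.isLetterOrDigit(aCodePoint)
          || aCodePoint == ' '
          || PUNCTUATION.indexOf(aCodePoint) >= 0;
    }
  }

  /** Walk the text one code point at a time; collect the code points the white list rejects. */
  static List<String> rejected(String aText, PermittedCharacters aWhiteList) {
    List<String> result = new ArrayList<>();
    for (int idx = 0; idx < aText.length(); ) {
      int codePoint = aText.codePointAt(idx);
      if (!aWhiteList.isPermitted(codePoint)) {
        result.add(String.format("U+%04X", codePoint));
      }
      // A supplementary character occupies two chars, so advance by its real width.
      idx += Character.charCount(codePoint);
    }
    return result;
  }

  public static void main(String... aArgs) {
    PermittedCharacters whiteList = new StrictWhiteList();
    // Constructed sample inputs.
    String[] samples = {
      "Caf\u00E9 Montr\u00E9al, 2nd floor", // accented letters
      "<script>alert(1)</script>",          // markup characters
      "Name: \uD835\uDC00lice"              // U+1D400: one code point, two chars
    };
    for (String sample : samples) {
      System.out.println(sample + " -> rejected: " + rejected(sample, whiteList));
    }
  }
}
```

Iterating with codePointAt and Character.charCount keeps a surrogate pair together as a single value passed to isPermitted, which is what the int parameter is for.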