Version 4.10.0

hirondelle.web4j.security
Interface PermittedCharacters

All Known Implementing Classes:
PermittedCharactersImpl

public interface PermittedCharacters

Characters accepted by the SafeText class.

This interface exists because it is important for a web application to defend strongly against Cross-Site Scripting (XSS) -- likely the single most prevalent form of attack on the web.

As the principal line of defense against XSS, WEB4J provides the SafeText class, to be used to model all free-form user input. SafeText escapes a large number of special characters. When text is held in a SafeText object, any script that depends on one or more of these special characters will very likely be rendered unexecutable.

As a second line of defense, this interface permits you to specify exactly which characters should be accepted by the SafeText constructor. This is often called a 'white list' of acceptable characters.

The default implementation of this interface (PermittedCharactersImpl) should be useful for a wide range of applications.


Method Summary
 boolean isPermitted(int aCodePoint)
          Return true only if the given character is to be permitted by SafeText.
 

Method Detail

isPermitted

boolean isPermitted(int aCodePoint)
Return true only if the given character is to be permitted by SafeText.

Parameters:
aCodePoint - character in the text being passed to the SafeText constructor. The text, in turn, may come from user input, or from the database. For more information on code points, please see Character. (Code points are used instead of char since they are more general than char.)
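
The following is an added example, not code from WEB4J or its documentation: a custom white list with the isPermitted(int) signature documented above, exercised one code point at a time. The nested interface is a stand-in so the file compiles without WEB4J, and StrictWhiteList, rejected and the chosen character set are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

public class PermittedCharactersExample {

  /** Stand-in with the signature documented above, so this file compiles without WEB4J. */
  interface PermittedCharacters {
    boolean isPermitted(int aCodePoint);
  }

  /** Hypothetical white list: any Unicode letter or digit, plus a fixed set of extras. */
  static final class StrictWhiteList implements PermittedCharacters {
    // Illustrative choice only; deliberately excludes '<', '>' and '`'.
    private static final String EXTRA = " \t\r\n.,;:!?'\"()-_@/+=%#&*";

    @Override public boolean isPermitted(int aCodePoint) {
      if (!Character.isValidCodePoint(aCodePoint)) return false;
      if (Character.isLetterOrDigit(aCodePoint)) return true;
      return EXTRA.indexOf(aCodePoint) >= 0;
    }
  }

  /** Iterates by code point, not by char, so a supplementary character is tested once, whole. */
  static List<String> rejected(String aText, PermittedCharacters aWhiteList) {
    List<String> result = new ArrayList<>();
    for (int idx = 0; idx < aText.length(); ) {
      int codePoint = aText.codePointAt(idx);
      if (!aWhiteList.isPermitted(codePoint)) {
        result.add(String.format("U+%04X", codePoint));
      }
      idx += Character.charCount(codePoint);
    }
    return result;
  }

  public static void main(String... aArgs) {
    PermittedCharacters whiteList = new StrictWhiteList();
    String[] samples = {          // constructed sample inputs
      "Jean-Luc O'Neil, apt #4",  // ordinary free-form text
      "<b>bold</b>",              // markup delimiters
      "caf\u00e9 \uD835\uDD38",   // accented letter plus a supplementary-plane letter
      "abc\u202Edef"              // bidi override, a format character
    };
    for (String sample : samples) {
      System.out.println(rejected(sample, whiteList) + " rejected out of "
          + sample.codePoints().count() + " code points");
    }
  }
}
```

The third sample shows why the method takes an int: the supplementary-plane letter occupies two char values but is checked as one code point.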


Copyright Hirondelle Systems. Published October 19, 2013.