Version 4.10.0

hirondelle.web4j.security
Class PermittedCharactersImpl

Object
  extended by hirondelle.web4j.security.PermittedCharactersImpl
All Implemented Interfaces:
PermittedCharacters

public class PermittedCharactersImpl
extends Object
implements PermittedCharacters

Default implementation of PermittedCharacters.

This class permits only those code points for which Character.isValidCodePoint(int) returns true.

Since SafeText already escapes a long list of special characters, those special characters are automatically safe for inclusion here. That is, you can usually accept almost any special character, because SafeText already does so much escaping anyway.

Given the importance of this issue for web application security, however, WEB4J still allows you to define your own implementation of this interface, as desired.

This is a very liberal implementation. Applications should consider replacing this implementation with something less liberal. For example, an alternate implementation might disallow carriage returns and line feeds, or might specify the characters of some particular block of Unicode.
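As an added example (not part of WEB4J or its documentation), here is a less liberal implementation along the lines suggested above: it rejects carriage returns, line feeds and other control characters, and accepts only a few Unicode blocks. The class name StrictPermittedCharacters, the helper firstRejected, the chosen blocks and the sample strings are assumptions; compiling it requires the WEB4J jar on the classpath and Java 9 or later (for Set.of).

```java
import hirondelle.web4j.security.PermittedCharacters;
import java.lang.Character.UnicodeBlock;
import java.util.Set;

/** Hypothetical stricter replacement for PermittedCharactersImpl (added example). */
public final class StrictPermittedCharacters implements PermittedCharacters {

  // Assumed policy: only these Unicode blocks are accepted.
  private static final Set<UnicodeBlock> ALLOWED_BLOCKS = Set.of(
    UnicodeBlock.BASIC_LATIN,
    UnicodeBlock.LATIN_1_SUPPLEMENT,
    UnicodeBlock.LATIN_EXTENDED_A
  );

  @Override public boolean isPermitted(int aCodePoint) {
    // Same baseline check as the default implementation.
    if (!Character.isValidCodePoint(aCodePoint)) return false;
    // Rejects CR and LF, plus every other C0/C1 control character (tab included).
    if (Character.isISOControl(aCodePoint)) return false;
    // UnicodeBlock.of returns null for code points outside any defined block.
    UnicodeBlock block = UnicodeBlock.of(aCodePoint);
    return block != null && ALLOWED_BLOCKS.contains(block);
  }

  /** Returns the char index of the first rejected code point, or -1 if all pass. */
  public static int firstRejected(String aText, PermittedCharacters aPolicy) {
    for (int i = 0; i < aText.length(); ) {
      int codePoint = aText.codePointAt(i); // handles surrogate pairs
      if (!aPolicy.isPermitted(codePoint)) return i;
      i += Character.charCount(codePoint);
    }
    return -1;
  }

  public static void main(String... aArgs) {
    PermittedCharacters policy = new StrictPermittedCharacters();
    // Constructed sample inputs, not taken from any real application.
    String[] samples = {
      "Ren\u00e9e O'Neil",  // Latin-1 letter, apostrophe and space
      "line1\r\nline2",     // embedded CR/LF
      "\u0410dmin",         // Cyrillic capital A, visually similar to Latin A
      "ok\uD83D\uDE00"      // supplementary code point outside the allowed blocks
    };
    for (String sample : samples) {
      System.out.println(firstRejected(sample, policy));
    }
  }
}
```

A block allow-list this narrow rejects legitimate input in most non-Latin scripts, so the set of blocks has to match the languages the application actually serves.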


Constructor Summary
PermittedCharactersImpl()
           
 
Method Summary
 boolean isPermitted(int aCodePoint)
          See class comment.
 
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PermittedCharactersImpl

public PermittedCharactersImpl()

Method Detail

isPermitted

public boolean isPermitted(int aCodePoint)
See class comment.

Specified by:
isPermitted in interface PermittedCharacters
Parameters:
aCodePoint - character in the text being passed to the SafeText constructor. The text, in turn, may come from user input, or from the database. For more information on code points, please see Character. (Code points are used instead of char since they are more general than char.)


Copyright Hirondelle Systems. Published October 19, 2013.