|
Version 4.10.0 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Object hirondelle.web4j.security.PermittedCharactersImpl
public class PermittedCharactersImpl
Default implementation of PermittedCharacters
.
This class permits only those characters which return true for
Character.isValidCodePoint(int)
.
Since SafeText
already escapes a long list of special characters, those
special characters are automatically safe for inclusion here.
That is, you can usually accept almost any special character, because
SafeText already does so much escaping anyway.
Given the importance of this issue for web application security, however, WEB4J still allows you to define your own implementation of this interface, as desired.
This is a very liberal implementation. Applications should consider replacing this implementation with something less liberal. For example, an alternate implementation might disallow carriage returns and line feeds, or might specify the characters of some particular block of Unicode.
Constructor Summary | |
---|---|
PermittedCharactersImpl()
|
Method Summary | |
---|---|
boolean |
isPermitted(int aCodePoint)
See class comment. |
Methods inherited from class Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public PermittedCharactersImpl()
Method Detail |
---|
public boolean isPermitted(int aCodePoint)
isPermitted
in interface PermittedCharacters
aCodePoint
- character in the text being passed to the SafeText
constructor.
The text, in turn, may come from user input, or from the database. For more information on
code points, please see Character
. (Code points are used insteard of char since they are
more general than char.)
|
Version 4.10.0 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |