hirondelle.web4j.security
Class PermittedCharactersImpl
Object
hirondelle.web4j.security.PermittedCharactersImpl
- All Implemented Interfaces:
- PermittedCharacters
public class PermittedCharactersImpl
- extends Object
- implements PermittedCharacters
Default implementation of PermittedCharacters.
This class permits only those characters which return true for
at least one of the following:
This implementation should be useful for a large number of applications.
Since SafeText already escapes a long list of special characters, those
special characters are automatically safe for inclusion here.
That is, you can usually accept almost any special character, because
SafeText already does so much escaping anyway.
Given the importance of this issue for web application security, however,
WEB4J still allows you to define your own implementation of this interface, as
desired.
Many applications should replace this implementation with something less liberal.
For example, an alternate implementation might disallow carriage returns and line feeds, or
might specify the characters of some particular block of Unicode.
|
Method Summary |
boolean |
isPermitted(int aCodePoint)
See class comment. |
| Methods inherited from class Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
PermittedCharactersImpl
public PermittedCharactersImpl()
isPermitted
public boolean isPermitted(int aCodePoint)
- See class comment.
- Specified by:
isPermitted in interface PermittedCharacters
- Parameters:
aCodePoint - character in the text being passed to the SafeText constructor.
The text, in turn, may come from user input, or from the database. For more information on
code points, please see Character. (Code points are used insteard of char since they are
more general than char.)
Copyright Hirondelle Systems. Published September 24, 2011 - User Guide - All Docs.
Version 4.7.1