001    package hirondelle.web4j.security;
002    
/**
 Default implementation of {@link hirondelle.web4j.security.PermittedCharacters}.

 <P>A code point is permitted exactly when {@link Character#isValidCodePoint(int)}
 returns <tt>true</tt> for it, that is, when it lies in the range <tt>0x0</tt> to
 <tt>0x10FFFF</tt> inclusive. This is a range check only: control characters
 (including NUL, carriage return and line feed), surrogate code points and
 unassigned code points all pass.

 <P>The reasoning behind accepting so much is that {@link SafeText} already escapes
 a long list of special characters, so those special characters are automatically
 safe for inclusion here.
 <em>That is, you can usually accept almost any special character, because
 <tt>SafeText</tt> already does so much escaping anyway.</em>
 Note that this class itself filters nothing; whatever protection exists comes from
 that escaping, whose rules are defined in <tt>SafeText</tt> and not here.

 <P>Given the importance of this issue for web application security, however,
 WEB4J still allows you to define your own implementation of this interface, as
 desired.

 <P>This is a very liberal implementation. Applications should consider replacing this
 implementation with something less liberal. For example, an alternate implementation
 might disallow carriage returns and line feeds, or might specify the characters of
 some particular block of Unicode.
*/
public class PermittedCharactersImpl implements PermittedCharacters {

  /**
   Return <tt>true</tt> only if <tt>aCodePoint</tt> is a valid Unicode code point,
   as decided by {@link Character#isValidCodePoint(int)}.

   @param aCodePoint the code point to test.
   @return the result of the validity check; see class comment for what it lets through.
  */
  public boolean isPermitted(int aCodePoint) {
    // Range check only: no character class (control, surrogate, unassigned) is rejected.
    final boolean isInUnicodeRange = Character.isValidCodePoint(aCodePoint);
    return isInUnicodeRange;
  }

}