package hirondelle.web4j.security;

/**
 Default implementation of {@link hirondelle.web4j.security.PermittedCharacters}.

 <P>This class permits only those characters which return <tt>true</tt> for
 {@link Character#isValidCodePoint(int)}.

 <P>Since {@link SafeText} already escapes a long list of special characters, those
 special characters are automatically safe for inclusion here.
 <em>That is, you can usually accept almost any special character, because
 <tt>SafeText</tt> already does so much escaping anyway.</em>

 <P>Given the importance of this issue for web application security, however,
 WEB4J still allows you to define your own implementation of this interface, as
 desired.

 <P>This is a very liberal implementation. Applications should consider replacing this
 implementation with something less liberal. For example, an alternate implementation
 might disallow carriage returns and line feeds, or might specify the characters of
 some particular block of Unicode.
*/
public class PermittedCharactersImpl implements PermittedCharacters {

  /** See class comment. */
  public boolean isPermitted(int aCodePoint) {
    return Character.isValidCodePoint(aCodePoint);
  }

}
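
The class comment suggests a less liberal replacement; the following is an added example of one, not WEB4J code. It rejects carriage returns, line feeds and all other control characters, and accepts only a few Latin Unicode blocks. The nested `PermittedCharacters` interface is a stand-in that copies the `isPermitted(int)` signature shown above so the file compiles alone; the names `StrictPermittedCharactersDemo`, `LatinOnlyNoControls` and `firstRejected`, and the choice of blocks, are assumptions.

```java
import java.lang.Character.UnicodeBlock;
import java.util.Set;

public class StrictPermittedCharactersDemo {

  /** Stand-in for hirondelle.web4j.security.PermittedCharacters (assumption, see lead-in). */
  interface PermittedCharacters {
    boolean isPermitted(int aCodePoint);
  }

  /** Hypothetical policy: Latin text only, no control characters (so no CR or LF). */
  static final class LatinOnlyNoControls implements PermittedCharacters {
    private static final Set<UnicodeBlock> ALLOWED = Set.of(
      UnicodeBlock.BASIC_LATIN, UnicodeBlock.LATIN_1_SUPPLEMENT, UnicodeBlock.LATIN_EXTENDED_A
    );

    @Override public boolean isPermitted(int aCodePoint) {
      // UnicodeBlock.of throws on invalid code points, so check validity first.
      if (!Character.isValidCodePoint(aCodePoint)) return false;
      // Rejects CR (U+000D), LF (U+000A) and every other C0/C1 control character.
      if (Character.isISOControl(aCodePoint)) return false;
      // Unassigned code points have no block (null) and are rejected as well.
      UnicodeBlock block = UnicodeBlock.of(aCodePoint);
      return block != null && ALLOWED.contains(block);
    }
  }

  /** Returns the char index of the first rejected code point, or -1 if all are permitted. */
  static int firstRejected(String aText, PermittedCharacters aPolicy) {
    // Iterate by code point, not by char, so supplementary characters are tested whole.
    for (int idx = 0; idx < aText.length(); ) {
      int codePoint = aText.codePointAt(idx);
      if (!aPolicy.isPermitted(codePoint)) return idx;
      idx += Character.charCount(codePoint);
    }
    return -1;
  }

  public static void main(String... aArgs) {
    PermittedCharacters policy = new LatinOnlyNoControls();
    // Constructed sample inputs: plain Latin, embedded CR/LF, an emoji, a tab.
    String[] samples = { "Zo\u00eb M\u00fcller", "line1\r\nline2", "caf\u00e9 \uD83D\uDE00", "tab\there" };
    for (String sample : samples) {
      System.out.println(firstRejected(sample, policy));
    }
  }
}
```

Because the policy works on code points, a caller that validates input must walk the string with `codePointAt` as `firstRejected` does; testing `char` values one at a time would present each half of a surrogate pair separately.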