package hirondelle.web4j.security;

/**
 Default implementation of {@link hirondelle.web4j.security.PermittedCharacters}.

 <P>This class permits only those characters which return <tt>true</tt> for
 {@link Character#isValidCodePoint(int)}.

 <P>Since {@link SafeText} already escapes a long list of special characters, those
 special characters are automatically safe for inclusion here.
 <em>That is, you can usually accept almost any special character, because
 <tt>SafeText</tt> already does so much escaping anyway.</em>

 <P>Given the importance of this issue for web application security, however,
 WEB4J still allows you to define your own implementation of this interface, as
 desired.

 <P>This is a very liberal implementation. Applications should consider replacing this
 implementation with something less liberal. For example, an alternate implementation
 might disallow carriage returns and line feeds, or might specify the characters of
 some particular block of Unicode.
*/
public class PermittedCharactersImpl implements PermittedCharacters {

  /** See class comment. */
  public boolean isPermitted(int aCodePoint) {
    return Character.isValidCodePoint(aCodePoint);
  }

}
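An added example, not part of the WEB4J source: a stricter implementation of the kind the class comment suggests, rejecting carriage returns and line feeds and allowing only code points from chosen Unicode blocks. The package name, class name, choice of blocks and the `firstRejected` helper are assumptions for illustration; compiling it needs the WEB4J jar on the classpath for the `PermittedCharacters` interface.

```java
package com.example.security; // hypothetical application package

import hirondelle.web4j.security.PermittedCharacters;
import java.lang.Character.UnicodeBlock;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/** Stricter alternative: no CR/LF, and only code points from an allowlist of Unicode blocks. */
public final class StrictPermittedCharacters implements PermittedCharacters {

  /** Allowed blocks. This choice is an assumption; match it to the text the application accepts. */
  private static final Set<UnicodeBlock> ALLOWED_BLOCKS = Collections.unmodifiableSet(
    new HashSet<UnicodeBlock>(Arrays.asList(
      UnicodeBlock.BASIC_LATIN, UnicodeBlock.LATIN_1_SUPPLEMENT
    ))
  );

  public boolean isPermitted(int aCodePoint) {
    // UnicodeBlock.of throws IllegalArgumentException for invalid code points, so check first.
    if (!Character.isValidCodePoint(aCodePoint)) return false;
    // CR and LF sit inside BASIC_LATIN, so they must be rejected explicitly.
    // Other control characters in the allowed blocks (tab, NUL, ...) still pass this check.
    if (aCodePoint == '\r' || aCodePoint == '\n') return false;
    UnicodeBlock block = UnicodeBlock.of(aCodePoint); // null when the code point is in no block
    return block != null && ALLOWED_BLOCKS.contains(block);
  }

  /** Index of the first rejected code point in aText, or -1 if every code point is permitted. */
  static int firstRejected(PermittedCharacters aPolicy, String aText) {
    for (int i = 0; i < aText.length(); ) {
      int cp = aText.codePointAt(i); // reads a surrogate pair as one supplementary code point
      if (!aPolicy.isPermitted(cp)) return i;
      i += Character.charCount(cp);
    }
    return -1;
  }

  public static void main(String... aArgs) {
    PermittedCharacters strict = new StrictPermittedCharacters();
    // Constructed sample inputs: accented Latin, a CR/LF pair, Cyrillic, an emoji.
    String[] samples = {"Montr\u00E9al", "X-Header: a\r\nSet-Cookie: b", "\u0416", "\uD83D\uDE00"};
    for (String s : samples) {
      System.out.println(firstRejected(strict, s));
    }
  }
}
```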