java.lang.Object
   com.jcorporate.expresso.core.security.filters.Filter

All known Subclasses: com.jcorporate.expresso.core.security.filters.RawFilter, com.jcorporate.expresso.core.security.filters.ISO_8859_1, com.jcorporate.expresso.core.security.filters.gb2312, com.jcorporate.expresso.core.security.filters.HtmlFilter, com.jcorporate.expresso.core.security.filters.XmlFilter, com.jcorporate.expresso.core.security.filters.ISO_8859_1_eForum

Filter | public class Filter

This is the base class for all filters. The purpose of the filter mechanism
is to remove possibly harmful HTML code that could be injected into dynamic
HTML code by a hacker. The resulting code may steal users' passwords from clients
and do other bad things to their machines. Expresso implements transparent
filtering by automatically filtering all string content from databases and
input parameters.
How to create your own character-set filter
1 - Derive a class from Filter. The name of the class should be the name of the
character set you're using. If the character set's name includes hyphens, substitute
underscores ('_') for the hyphens in naming your filter.
2 - Create two arrays. The first contains the characters that are special control
characters and should be taken care of. The second contains the strings
that will be substituted whenever one of the control characters is encountered
(in standardFilter).
3 - In your default constructor, pass those two arrays to the constructor of the
base Filter class.
For a working example see
author: Michael Rimov
See Also: com.jcorporate.expresso.core.security.filters.ISO_8859_1
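The three steps above, as an added example that is not Expresso code. `FilterSketch` is a hypothetical stand-in that mimics the documented constructor, standardFilter and stripFilter behaviour so the example runs without the Expresso jar; `ISO_8859_15`, the one-character special strings and the HTML entity replacements are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
public class FilterDemo {
    public static void main(String[] args) {
        FilterSketch f = new ISO_8859_15();
        String input = "<a href=\"x\">Tom & Jerry's</a>"; // constructed sample input
        System.out.println(f.standardFilter(input)); // special characters encoded
        System.out.println(f.stripFilter(input));    // special characters replaced by spaces
    }
}

// Hypothetical stand-in modelled on the documented behaviour of Filter; not Expresso source.
class FilterSketch {
    private final Map<Character, String> replacementList = new HashMap<>();
    FilterSketch(String[] specialChars, String[] replacementStrings) {
        if (specialChars.length != replacementStrings.length) {
            throw new IllegalArgumentException("arrays must be of equal size");
        }
        for (int i = 0; i < specialChars.length; i++) {
            // Assumption: every special "character" is a one-character String.
            replacementList.put(specialChars[i].charAt(0), replacementStrings[i]);
        }
    }

    // Each input character is looked up once, so the '&' in an emitted "&lt;" is never re-encoded.
    String standardFilter(String data) {
        StringBuilder out = new StringBuilder();
        for (char c : data.toCharArray()) {
            String r = replacementList.get(c);
            out.append(r != null ? r : String.valueOf(c));
        }
        return out.toString();
    }

    // Mapped characters become a single space; everything else passes through.
    String stripFilter(String data) {
        StringBuilder out = new StringBuilder();
        for (char c : data.toCharArray()) {
            out.append(replacementList.containsKey(c) ? ' ' : c);
        }
        return out.toString();
    }
}
// Steps 1-3: class named after the charset (ISO-8859-15 -> ISO_8859_15), two parallel
// arrays, both handed to the base constructor from the default constructor.
class ISO_8859_15 extends FilterSketch {
    private static final String[] SPECIAL = {"<", ">", "\"", "'", "&"};
    private static final String[] REPLACEMENT = {"&lt;", "&gt;", "&quot;", "&#39;", "&amp;"};
    ISO_8859_15() { super(SPECIAL, REPLACEMENT); }
}
```

Save as FilterDemo.java and run with `java FilterDemo.java` (Java 11 or later).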
Constructor Summary
public | Filter()
public | Filter(String[] specialChars, String[] replacementStrings) Constructor that creates and fills the replacementList.

Method Summary
public String | rawFilter(String data) rawFilter doesn't actually do anything; it simply returns an exact copy of the original.
public String | standardFilter(String data) This filter HTML encodes all special characters defined by the replacement list.
public String | stripFilter(String data) This filter strips out all special characters defined by the replacement list.
maxReplaceLength | int maxReplaceLength
Filter | public Filter(String[] specialChars, String[] replacementStrings) throws IllegalArgumentException
Constructor that creates and fills the replacementList. The key of
specialChars[i] maps to replacementStrings[i]. The two arrays must be of
equal size.
Parameters: specialChars - the array of special character Strings we need to filter.
Parameters: replacementStrings - the array of strings the special characters map to
throws: IllegalArgumentException - if specialChars.length() != replacementStrings.length()
rawFilter | public String rawFilter(String data)
rawFilter doesn't actually do anything; it simply
returns an exact copy of the original. This has to be used
for things like content management issues.
Parameters: data - The String to scan.
Returns: The filtered string
standardFilter | public String standardFilter(String data)
This filter HTML encodes all special characters defined by the replacement
list. If a particular character doesn't exist in the map, then the character
is passed through and appended to the result.
If it does exist, then the value the special character maps to is appended
to the result instead.
Parameters: data - The string to encode.
Returns: The filtered string
stripFilter | public String stripFilter(String data)
This filter strips out all special characters defined by the replacement
list. If a particular character doesn't exist in the map, then the character
is passed through and appended to the result.
If it does exist, then a space is appended to the string.
Parameters: data - The string to scan.
Returns: The filtered string