com.jcorporate.expresso.core.security.filters
Class Filter

java.lang.Object
  com.jcorporate.expresso.core.security.filters.Filter
- Direct Known Subclasses:
- gb2312, HtmlFilter, ISO_8859_1, ISO_8859_1_eForum, RawFilter, XmlFilter
- public class Filter
- extends java.lang.Object
This is the base class for all filters. The purpose of the filter mechanism is to remove possibly harmful HTML code that could be injected into dynamic HTML code by a hacker. The resulting code may steal users' passwords from clients and do other bad things to their machines. Expresso implements transparent filtering by automatically filtering all string content from databases and input parameters.
How to Create your own character-set filter
1 - Derive a class from Filter. The name of the class should be the name of the character set you're using. If the character set's name includes hyphens, substitute underscores ('_') for the hyphens in naming your filter.
2 - Create two arrays. The first contains the special control characters that should be taken care of. The second contains the strings that will be substituted whenever one of the control characters is encountered (in standardFilter).
3 - In your default constructor, pass those two arrays to the constructor of the base Filter class.
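The three steps above, as an added example that is not part of the Expresso source. It assumes the Expresso jar is on the classpath, that each entry of specialChars is a single-character string, and uses a hypothetical filter for the "windows-1252" character set; the class name, the chosen characters and the sample input are all constructed for illustration.

```java
import com.jcorporate.expresso.core.security.filters.Filter;

// Step 1: class named after the character set, with the hyphen in
// "windows-1252" replaced by an underscore (hypothetical example filter).
public class windows_1252 extends Filter {

    // Step 2a: characters that have special meaning in HTML markup and in
    // quoted attribute values. "&" is included so that entity references in
    // the input are shown literally instead of being interpreted.
    private static final String[] SPECIAL_CHARS = {
        "&", "<", ">", "\"", "'"
    };

    // Step 2b: SPECIAL_CHARS[i] is replaced by REPLACEMENTS[i]. The two arrays
    // must be the same length; the base constructor is declared to throw
    // IllegalArgumentException.
    private static final String[] REPLACEMENTS = {
        "&amp;", "&lt;", "&gt;", "&quot;", "&#39;"
    };

    // Step 3: the default constructor hands both arrays to the base class.
    public windows_1252() {
        super(SPECIAL_CHARS, REPLACEMENTS);
    }

    // Small driver comparing the three filter methods on one input.
    public static void main(String[] args) {
        Filter filter = new windows_1252();

        // Constructed sample of untrusted input, as it might arrive in a
        // request parameter or be read back from a database column.
        String untrusted = "<script>alert(\"x\")</script> Tom & Jerry's";

        // Special characters replaced by their mapped strings.
        System.out.println("standardFilter: " + filter.standardFilter(untrusted));

        // Special characters replaced by spaces.
        System.out.println("stripFilter:    " + filter.stripFilter(untrusted));

        // Exact copy of the input: nothing is neutralised.
        System.out.println("rawFilter:      " + filter.rawFilter(untrusted));
    }
}
```

Any character left out of the first array passes through standardFilter and stripFilter unchanged, so the list has to cover every character that is significant in the context where the output is rendered.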
For a working example see
| Field Summary | |
| (package private) int | maxReplaceLength |
| (package private) FilterTree | parseTree |
| (package private) FilterTree | stripTree |
| Constructor Summary | |
| Filter() | |
| Filter(java.lang.String[] specialChars, java.lang.String[] replacementStrings) | Constructor that creates and fills the replacementList. |
| Method Summary | |
| java.lang.String | rawFilter(java.lang.String data) rawFilter doesn't actually do anything; it simply returns an exact copy of the original. |
| java.lang.String | standardFilter(java.lang.String data) This filter HTML-encodes all special characters defined by the replacement list. |
| java.lang.String | stripFilter(java.lang.String data) This filter strips out all special characters defined by the replacement list. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
maxReplaceLength
int maxReplaceLength
parseTree
FilterTree parseTree
stripTree
FilterTree stripTree
| Constructor Detail |
Filter
public Filter()
Filter
public Filter(java.lang.String[] specialChars, java.lang.String[] replacementStrings) throws java.lang.IllegalArgumentException
- Constructor that creates and fills the replacementList. The key
specialChars[i] maps to replacementStrings[i]. The two arrays must be of
equal size.
| Method Detail |
rawFilter
public java.lang.String rawFilter(java.lang.String data)
- rawFilter doesn't actually do anything; it simply
returns an exact copy of the original. This has to be used
for things like content management issues.
standardFilter
public java.lang.String standardFilter(java.lang.String data)
- This filter HTML-encodes all special characters defined by the replacement
list. If a particular character doesn't exist in the map, then the character
is appended to the result unchanged.
If it does exist, then the value the special character maps to is appended
to the result instead.
stripFilter
public java.lang.String stripFilter(java.lang.String data)
- This filter strips out all special characters defined by the replacement
list. If a particular character doesn't exist in the map, then the character
is appended to the result unchanged.
If it does exist, then a space is appended to the result instead.