Expresso 5-6

com.jcorporate.expresso.core.security.filters
Class Filter

java.lang.Object
  extended by com.jcorporate.expresso.core.security.filters.Filter
Direct Known Subclasses:
gb2312, HtmlFilter, ISO_8859_1, ISO_8859_1_eForum, RawFilter, XmlFilter

public class Filter
extends Object

This is the base class for all filters. The purpose of the filter mechanism is to remove potentially harmful HTML code that an attacker could inject into dynamically generated HTML. Such injected code may steal users' passwords from clients and do other bad things to their machines. Expresso implements transparent filtering by automatically filtering all string content from databases and input parameters.

How to Create your own character-set filter

1 - Derive a class from Filter. The name of the class should be the name of the character set you're using. If the character set's name includes hyphens, substitute underscores ('_') for the hyphens when naming your filter.

2 - Create two arrays. The first contains the special control characters that need to be handled. The second contains the strings that will be substituted whenever one of those characters is encountered (in standardFilter).

3 - In your default constructor, pass those two arrays to the constructor of the base Filter class.
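
The three steps above as an added example (not part of the Expresso documentation or source): a hypothetical ISO_8859_15 filter. The Filter class inside the block is a stand-in modelled only on the behaviour documented on this page so that the file compiles without Expresso; the character and entity lists are illustrative choices.

```java
import java.util.HashMap;
import java.util.Map;

class FilterDemo {
    public static void main(String[] args) {
        Filter f = new ISO_8859_15();
        // Constructed sample input: markup submitted in a form field.
        String input = "<script>alert(\"x\")</script> Tom & Jerry";
        System.out.println(f.standardFilter(input)); // special characters become entities
        System.out.println(f.stripFilter(input));    // special characters become spaces
        System.out.println(f.rawFilter(input));      // unchanged copy: trusted content only
    }
}

// Steps 1-3: class named after the character set ISO-8859-15, hyphens -> underscores.
class ISO_8859_15 extends Filter {
    private static final String[] SPECIAL = {"<", ">", "&", "\"", "'"};
    private static final String[] REPLACEMENT = {"&lt;", "&gt;", "&amp;", "&quot;", "&#39;"};
    ISO_8859_15() { super(SPECIAL, REPLACEMENT); }
}

// Stand-in for com.jcorporate.expresso.core.security.filters.Filter (an assumption,
// modelled only on the documented behaviour); remove it when compiling against Expresso.
class Filter {
    private final Map<String, String> replacementList = new HashMap<>();

    Filter(String[] specialChars, String[] replacementStrings) {
        if (specialChars.length != replacementStrings.length) {
            throw new IllegalArgumentException("arrays must be of equal size");
        }
        for (int i = 0; i < specialChars.length; i++) {
            replacementList.put(specialChars[i], replacementStrings[i]);
        }
    }

    String rawFilter(String data) { return data; }
    String standardFilter(String data) { return scan(data, false); }
    String stripFilter(String data) { return scan(data, true); }

    // Single pass over the input, so entities already emitted are never re-encoded.
    private String scan(String data, boolean strip) {
        StringBuilder out = new StringBuilder(data.length());
        for (int i = 0; i < data.length(); i++) {
            String ch = String.valueOf(data.charAt(i));
            String mapped = replacementList.get(ch);
            out.append(mapped == null ? ch : (strip ? " " : mapped));
        }
        return out.toString();
    }
}
```

Saved as FilterDemo.java, this runs with `java FilterDemo.java` on Java 11 or later.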

For a working example see

Author:
Michael Rimov
See Also:
ISO_8859_1

Constructor Summary
Filter()
           
Filter(String[] specialChars, String[] replacementStrings)
          Constructor that creates and fills the replacementList.
 
Method Summary
 String rawFilter(String data)
          rawFilter doesn't actually do anything; it simply returns an exact copy of the original.
 String standardFilter(String data)
          This filter HTML-encodes all special characters defined by the replacement list.
 String stripFilter(String data)
          This filter strips out all special characters defined by the replacement list.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Filter

public Filter()

Filter

public Filter(String[] specialChars,
              String[] replacementStrings)
       throws IllegalArgumentException
Constructor that creates and fills the replacementList. The key of specialChars[i] maps to replacementStrings[i]. The two arrays must be of equal size.

Parameters:
specialChars - the array of special character Strings we need to filter.
replacementStrings - the array of strings the special characters map to.
Throws:
IllegalArgumentException - if specialChars.length != replacementStrings.length
Method Detail

rawFilter

public String rawFilter(String data)
rawFilter doesn't actually do anything; it simply returns an exact copy of the original. This has to be used for things like content management issues.

Parameters:
data - The String to scan.
Returns:
The filtered string

standardFilter

public String standardFilter(String data)
This filter HTML-encodes all special characters defined by the replacement list. If a particular character doesn't exist in the map, then the character is appended to the result unchanged.

If it does exist, then the value the special character maps to is appended to the result instead.

Parameters:
data - The string to encode.
Returns:
The filtered string

stripFilter

public String stripFilter(String data)
This filter strips out all special characters defined by the replacement list. If a particular character doesn't exist in the map, then the character is appended to the result unchanged.

If it does exist, then a space is appended to the result instead.

Parameters:
data - The string to scan.
Returns:
The filtered string

Please see www.jcorporate.com for information about new Expresso releases.