I have to do validation for a string passed in a particular field in a jsp.The string that is passed must not contain words like "script","delete","insert" etc.If these words are somehow found in the string then I will redirect the current page to an error page.Now I will have to use a java class file which will compare the strings passed with a standard set of words and special characters.I have been able to do the check for special characters.But how to check for a particular word in a string,say "delete"???
Look at the java.lang.String class in the API docs. The contains() and matches() methods should help you.
SCJP 6 || SCWCD 5
Joined: Feb 14, 2010
Michael Angstadt wrote:Look at the java.lang.String class in the API docs. The contains() and matches() methods should help you.
I thought about it.But the basic problem with contains() is it is a feature of jre 1.5 ,and I want my code to be compatible in computers with older jre,say 1.4.Now matches() is compliant with jre 1.4.Let me have a look.
Thank you for pointing out.Well,I will do something like this-
Or I can append something at the beginning of the string.Well,I was working on this,and this approach works.Now,again I have a problem.
As I have said before,my objective is to do validation for the strings that are passed in a jsp from another using request.getparameter().
I am passing the request object to a method,running an Enumeration and validating the strings that are passed one by one using another method.
Something like this::
But,I am facing a very basic issue here.I am doing validation against special characters and some keywords here
There are various fields in the jsp where various kinds of data are passed.Say,for example there is a field where "date" is passed.Now date is in the format mm/dd/yyyy. Hence it contains the character "/".Similarly,the field "company_name" may contain characters like "-" and ".".
Till now,I was passing the request class for validation.Like this:
But,I cannot use this approach because as I said some of the objects may pass Strings containing "date" or "company_name" which are bound to contain some special characters.
I can obviously pass each request.getparameter() to a method performing validation,but thats too cumbersome to do.I want to know what is the proper approach in situations like this.
I would suggest the following: Create an abstract class that contains methods for doing common validations, such as checking if a field is empty and if a date is in a correct format. This abstract class will have an abstract method which performs the validation. A sub class is then created for each form in your application, which validates the particular fields for that form:
There are validation tools out there which do this sort of thing in a nice, elegant way, but these tools take time to learn, so in the short term, I might write my own validation.
Joined: Feb 14, 2010
@ Michael Angstadt
As for example:
I will try to elaborate on what I am trying to achieve here.Basically I want to develop a simple java class file that will take care of "Cross Site Scripting".I want a simple java class file as I want to re-use it in various other jsp.
But this idea of using Abstract class is good.Let me see what I can do.