Appendix D. BadInputFilterValve.java
This appendix gives the full source code to BadInputFilterValve.java (Example D-1), which we introduced and detailed in Chapter 6. You can download this file from this book’s web site at http://www.oreilly.com/catalog/tomcat.
/* * $Header: $ * $Revision: $ * $Date: $ * * Copyright (c) 2003 O'Reilly And Associates. All rights reserved. * */ package com.oreilly.tomcat.valves; import java.io.IOException; import java.util.HashMap; import java.util.Iterator; import java.util.Set; import javax.servlet.ServletException; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; import org.apache.catalina.HttpRequest; import org.apache.catalina.HttpResponse; import org.apache.catalina.Logger; import org.apache.catalina.Request; import org.apache.catalina.Response; import org.apache.catalina.ValveContext; import org.apache.catalina.util.ParameterMap; import org.apache.catalina.valves.ValveBase; import org.apache.catalina.valves.RequestFilterValve; /** * Filters out bad user input from HTTP requests to avoid malicious * attacks including Cross-Site Scripting (XSS), SQL Injection, and * HTML Injection vulnerabilities, among others. * * @author Jason Brittain */ public class BadInputFilterValve extends RequestFilterValve { // ----------------------------------------------------------- ...
Get Tomcat: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.