org.apache.hadoop.http
Class HttpServer.QuotingInputFilter

java.lang.Object
  extended by org.apache.hadoop.http.HttpServer.QuotingInputFilter
All Implemented Interfaces:
javax.servlet.Filter
Enclosing class:
HttpServer

public static class HttpServer.QuotingInputFilter
extends Object
implements javax.servlet.Filter

A Servlet input filter that quotes all HTML active characters in the parameter names and values. The goal is to quote the characters to make all of the servlets resistant to cross-site scripting attacks.


Nested Class Summary
static class HttpServer.QuotingInputFilter.RequestQuoter
           
 
Constructor Summary
HttpServer.QuotingInputFilter()
           
 
Method Summary
 void destroy()
           
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
           
 void init(javax.servlet.FilterConfig config)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HttpServer.QuotingInputFilter

public HttpServer.QuotingInputFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig config)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException


Copyright © 2009 The Apache Software Foundation