Using locale-sensitive methods on data that should be interpreted in a locale-independent way can produce unexpected results. Locale-independent data includes programming language identifiers, protocol keys, and HTML tags. It may even be possible to bypass input filters by supplying locale-specific data. For example, a string converted to uppercase may be declared valid; however, when the same string is later converted to lowercase, the result may be a blacklisted string.
...
This advice also applies to the String.equalsIgnoreCase() method.
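The filter-bypass scenario above, as an added example that is not part of the original CERT page: a hypothetical tag filter (constructed here) that lowercases its input before checking for a tag. The version using the default locale misses the tag when the JVM's default locale is Turkish, because `I` lowercases to the dotless `ı` (U+0131) there; the version using `Locale.ROOT` does not.

```java
import java.util.Locale;

/**
 * Constructed example: a tag filter that rejects any input containing a
 * "<script" tag. The names and inputs below are assumptions for this example.
 */
public class LocaleIndependentFilter {

    // Noncompliant: toLowerCase() with no argument uses the JVM default locale.
    // Under a Turkish default locale, "<SCRIPT>" lowercases to "<scr\u0131pt>"
    // (dotless i), so the substring check does not match.
    static boolean containsScriptTagDefaultLocale(String input) {
        return input.toLowerCase().contains("<script");
    }

    // Compliant: Locale.ROOT gives locale-independent case mapping, so
    // "<SCRIPT>" always lowercases to "<script>" regardless of the default locale.
    static boolean containsScriptTagRoot(String input) {
        return input.toLowerCase(Locale.ROOT).contains("<script");
    }

    public static void main(String[] args) {
        String input = "<SCRIPT>example</SCRIPT>"; // constructed sample input

        // Simulate a deployment whose default locale is Turkish.
        Locale original = Locale.getDefault();
        Locale.setDefault(Locale.forLanguageTag("tr"));
        try {
            System.out.println("default-locale filter flags input: "
                    + containsScriptTagDefaultLocale(input));
            System.out.println("Locale.ROOT filter flags input:    "
                    + containsScriptTagRoot(input));
        } finally {
            Locale.setDefault(original);
        }
    }
}
```

The same consideration applies to any case-insensitive comparison of protocol keys or identifiers: pass `Locale.ROOT` (or another fixed locale) explicitly rather than relying on the default.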
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
IDS16-J | Medium | Probable | Medium | P8 | L2
...