SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 16

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 17

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: code samples need doPost()

...

Code Block
bgColor#ffcccc
langjava
public class SampleServlet extends HttpServlet {

  public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("<html>");

    String visible = request.getParameter("visible");
    String hidden = request.getParameter("hidden");

    if (visible != null || hidden != null) {
      out.println("Visible Parameter:");
      out.println( sanitize( visible));
      out.println("<br>Hidden Parameter:");
      out.println(hidden);
    } else {
      out.println("<p>");
      out.print("<form action=\"");
      out.print("SampleServlet\" ");
      out.println("method=POST>");
      out.println("Parameter:");
      out.println("<input type=text size=20 name=visible>");
      out.println("<br>");

      out.println("<input type=hidden name=hidden value=\'a benign value\'>");
      out.println("<input type=submit>");
      out.println("</form>");
    }
  }

  public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
    doGet(request, response);
  }

  // Filter the specified message string for characters
  // that are sensitive in HTML. 
  public static String sanitize(String message) {
    // ...
  }
}

...

Code Block
bgColor#ccccff
langjava
public class SampleServlet extends HttpServlet {
  public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("<html>");

    String visible = request.getParameter("visible");
    String hidden = request.getParameter("hidden");

    if (visible != null || hidden != null) {
      out.println("Visible Parameter:");
      out.println( sanitize( visible));
      out.println("<br>Hidden Parameter:");
      out.println( sanitize(hidden));          // hidden variable sanitized
    } else {
      out.println("<p>");
      out.print("<form action=\"");
      out.print("SampleServlet\" ");
      out.println("method=POST>");
      out.println("Parameter:");
      out.println("<input type=text size=20 name=visible>");
      out.println("<br>");

      out.println("<input type=hidden name=hidden value=\'a benign value\'>");
      out.println("<input type=submit>");
      out.println("</form>");
    }
  }

  public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
    doGet(request, response);
  }

  // Filter the specified message string for characters
  // that are sensitive in HTML. 
  public static String sanitize(String message) {
    // ...
  }
}

...