
...

This noncompliant code example uses the locale-sensitive {{String.toUpperCase()}} method to convert an HTML tag to uppercase. In the Turkish locale this produces the string "TİTLE", in which 'İ' is the Latin capital letter 'I' with a dot above (U+0130) rather than the ASCII 'I', so the result does not match the expected string "TITLE" [API 06].

Code Block
// Noncompliant: the result depends on the JVM's default locale
String tag = "title".toUpperCase();

Compliant Solution

This compliant solution explicitly passes {{Locale.ENGLISH}} so that the conversion no longer depends on the default locale of the machine the code runs on, and the unexpected result is avoided.

Code Block
// Compliant: the locale is fixed, so "title" always becomes "TITLE"
String tag = "title".toUpperCase(Locale.ENGLISH);
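The following class is an added example, not code from the CERT page. It puts the noncompliant and compliant forms above side by side inside a tag check, forces the default locale to Turkish with {{Locale.setDefault()}} to reproduce the failure on any machine, and also shows the mirror-image problem with {{toLowerCase()}} (where the Turkish locale maps ASCII 'I' to the dotless 'ı', U+0131) and the locale-insensitive {{String.equalsIgnoreCase()}} alternative. The class and method names are the example's own.

```java
import java.util.Locale;

public class TagCaseCheck {

    // Noncompliant: toUpperCase() uses the JVM default locale, so whether
    // this check passes depends on where the code happens to run.
    static boolean isTitleTagDefaultLocale(String tag) {
        return tag.toUpperCase().equals("TITLE");
    }

    // Compliant: the locale is fixed. Locale.ROOT would work equally well;
    // Locale.ENGLISH is used here to match the compliant solution above.
    static boolean isTitleTagFixedLocale(String tag) {
        return tag.toUpperCase(Locale.ENGLISH).equals("TITLE");
    }

    // Also locale-insensitive: equalsIgnoreCase compares characters with
    // Character.toUpperCase/toLowerCase, which ignore the default locale.
    static boolean isTitleTagIgnoreCase(String tag) {
        return "title".equalsIgnoreCase(tag);
    }

    public static void main(String[] args) {
        Locale saved = Locale.getDefault();
        try {
            // Simulate running on a host whose default locale is Turkish.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));

            // In this locale toUpperCase() maps 'i' to 'İ' (U+0130), so the
            // default-locale check fails while the other two succeed.
            System.out.println("\"title\".toUpperCase()      = " + "title".toUpperCase());
            System.out.println("default-locale check        = " + isTitleTagDefaultLocale("title"));
            System.out.println("fixed-locale check          = " + isTitleTagFixedLocale("title"));
            System.out.println("equalsIgnoreCase check      = " + isTitleTagIgnoreCase("title"));

            // The same trap in the other direction: toLowerCase() maps
            // 'I' to dotless 'ı' (U+0131) in the Turkish locale.
            System.out.println("\"TITLE\".toLowerCase()      = " + "TITLE".toLowerCase());
            System.out.println("lowercase, default locale   = "
                    + "TITLE".toLowerCase().equals("title"));
            System.out.println("lowercase, Locale.ENGLISH   = "
                    + "TITLE".toLowerCase(Locale.ENGLISH).equals("title"));
        } finally {
            // Restore the process-wide default so other code is not affected.
            Locale.setDefault(saved);
        }
    }
}
```

Run it with {{java TagCaseCheck}}; the same behaviour can be reproduced without modifying the code by starting the JVM with {{-Duser.language=tr -Duser.country=TR}}. The practical rule is that any case conversion used for a protocol, format or identifier comparison (HTML tags, HTTP header names, file extensions, enum names) must name its locale explicitly or avoid case conversion altogether, because the host's default locale is an environmental input the code does not control.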

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[API 06] Class {{String}}

...
