Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Comment:
no bad method calls, please 
...
| Code Block | ||
|---|---|---|
| ||
import java.text.Normalizer;
import java.text.Normalizer.Form;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class TagFilter {
public static String filterString(String str) {
String s = Normalizer.normalize(str, Form.NFKC);
// Validate input
Pattern pattern = Pattern.compile("<script>");
Matcher matcher = pattern.matcher(s);
if (matcher.find()) {
throw new IllegalArgumentException("Invalid input");
}
// Deletes noncharacter code points
s = s.replaceAll("[\\p{Cn}]", "");
return s;
}
public static void main(String[] args) {
// "\uFDEF" is a noncharacter code point
String maliciousInput = "<scr" + "\uFDEF" + "ipt>";
String sb = filterStringBadfilterString(maliciousInput);
// sb = "<script>"
}
} |
...