...
This noncompliant code example uses the locale-dependent String.toUpperCase() method to convert an HTML tag to upper case. While the English locale would convert "title" to "TITLE", the Turkish locale will convert "title" to "T?TLE," where '?' is the Latin capital letter 'I' with a dot above the character [API 2006].
| Code Block | ||
|---|---|---|
| ||
"title".toUpperCase();
|
Compliant Solution (Explicit Locale)
This compliant solution explicitly sets the locale to English to avoid unexpected results.
| Code Block | ||
|---|---|---|
| ||
"title".toUpperCase(Locale.ENGLISH);
|
...
This compliant solution sets the default locale to English before proceeding with string operations.
| Code Block | ||
|---|---|---|
| ||
Locale.setDefault(Locale.ENGLISH);
"title".toUpperCase();
|
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
IDS09-J | medium | probable | medium | P8 | L2 |
Android Implementation Details
A developer can specify locale on Android using java.util.Locale.
Bibliography
[API 2006] | Class |
IDS08-J. Sanitize untrusted data passed to a regex IDS10-J. Do not split characters between two data structures