SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 39

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 40

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: minor code edit, removed sysout stmt and added illegalstate exception

...

Code Block
bgColor#FFcccc
// String s may be user controllable
// \uFE64 is normalized to < and \uFE65 is normalized to > using NFKC
String s = "\uFE64" + "script" + "\uFE65"; 

// Validate
Pattern pattern = Pattern.compile("[<>]"); // Check for angle brackets
Matcher matcher = pattern.matcher(s);
if (matcher.find()) {
  System.out.println("found// Found black listed tag"
  throw new IllegalStateException();
} else {
  // ... 
}

// Normalize
s = Normalizer.normalize(s, Form.NFKC);

...

Code Block
bgColor#ccccff
String s = "\uFE64" + "script" + "\uFE65";

// normalize
s = Normalizer.normalize(s, Form.NFKC); 

//validate
Pattern pattern = Pattern.compile("[<>]"); 
Matcher matcher = pattern.matcher(s);
if (matcher.find()) {
  System.out.println("found // Found black listed tag"); 
  throw new IllegalStateException();
} else {
  // ... 
}

...