Changeset 2c82232 for apps/jetty


Timestamp:
Jul 26, 2014 1:43:52 PM (6 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
ca5755b0
Parents:
f0dd09c
Message:

filter pattern tweaks

Location:
apps/jetty/java/src/net/i2p/servlet/filters
Files:
2 edited

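--- a/apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java
+++ b/apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java
@@ -11,4 +11,7 @@
 import javax.servlet.http.HttpServletRequest;
 
+/**
+ *  @since 0.9.14
+ */
 public class XSSFilter implements Filter {
     @Override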
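--- a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
+++ b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
@@ -11,8 +11,11 @@
 import net.i2p.util.Log;
 
+/**
+ *  @since 0.9.14
+ */
 public class XSSRequestWrapper extends HttpServletRequestWrapper {
     // Adapted from https://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties
-    private static Pattern parameterValuePattern = Pattern.compile("^[a-zA-Z0-9.,:\\-\\/+=@_ \r\n]*$");
-    private static Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
+    private static final Pattern parameterValuePattern = Pattern.compile("^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n]*$");
+    private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
 
     public XSSRequestWrapper(HttpServletRequest servletRequest) {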
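Review bot: The widened `parameterValuePattern` carries no comment stating what the allowlist admits, and the `// Adapted from …ESAPI.properties` line above it now sits over a pattern that departs from that source (`\p{L}`, `\p{Nd}`, `~`, `[`, `]`, `?`). I would add beside the constant: `// Allowlist: Unicode letters and decimal digits, plus . , : - / + = ~ [ ] ? @ _ space CR LF; no other character is in the class (notably < > " ' & ( ) ; %).` Two caveats are worth recording there as well: `\p{L}` excludes combining marks (`\p{M}`), so decomposed (NFD) text is rejected, and a non-MULTILINE `$` also matches just before a final line terminator such as U+2028, so the anchors enforce the allowlist only if the caller uses `matches()` or the pattern ends in `\z`. The matching call is outside this hunk, as is the rest of the class body, so the second caveat may already be covered.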