ReferenceInsertionFilter (Scarab 1.0-b21-dev API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.tigris.scarab.util
Class ReferenceInsertionFilter

java.lang.Object
  org.tigris.scarab.util.ReferenceInsertionFilter

All Implemented Interfaces:: org.apache.velocity.app.event.EventHandler, org.apache.velocity.app.event.NullSetEventHandler, org.apache.velocity.app.event.ReferenceInsertionEventHandler

public class ReferenceInsertionFilter
extends java.lang.Object
implements org.apache.velocity.app.event.ReferenceInsertionEventHandler, org.apache.velocity.app.event.NullSetEventHandler

This is a Velocity EventCartridge Filter which is responsible for processing $ variables when they are rendered in a template. The current purpose of this filter is to process out CSS (cross site scripting) vulnerabilities. There is some commented out code that adds a bit of timing information to make sure that the processing doesn't add to much overhead. In limited testing, it looks like this class only adds about 0-2ms of processing time to each request.

This class also implements the NullSetEventHandler and returns false from the shouldLogOnNullSet because we don't need that stuff showing up in the log files.

Version:: $Id: ReferenceInsertionFilter.java 7365 2003-03-15 21:56:59Z jon $
Author:: Jon S. Stevens

Constructor Summary
`ReferenceInsertionFilter()`

Method Summary
`static java.lang.String`	`filter(java.lang.String value)` This method is borrowed from Struts.
`java.lang.Object`	`referenceInsert(java.lang.String reference, java.lang.Object value)`
`boolean`	`shouldLogOnNullSet(java.lang.String lhs, java.lang.String rhs)`

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail