org.apache.tomcat.util.http
Class HttpMessages

java.lang.Object
  extended byorg.apache.tomcat.util.http.HttpMessages

public class HttpMessages
extends java.lang.Object

Handle (internationalized) HTTP messages.

Author:
James Duncan Davidson [duncan@eng.sun.com], James Todd [gonzo@eng.sun.com], Jason Hunter [jch@eng.sun.com], Harish Prabandham, costin@eng.sun.com

Field Summary
protected static StringManager sm
           
 
Constructor Summary
HttpMessages()
           
 
Method Summary
static java.lang.String filter(java.lang.String message)
          Filter the specified message string for characters that are sensitive in HTML.
static java.lang.String getMessage(int status)
          Get the status string associated with a status code.
static boolean isSafeInHttpHeader(java.lang.String msg)
          Is the provided message safe to use in an HTTP header.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

sm

protected static StringManager sm
Constructor Detail

HttpMessages

public HttpMessages()
Method Detail

getMessage

public static java.lang.String getMessage(int status)
Get the status string associated with a status code. No I18N - return the messages defined in the HTTP spec. ( the user isn't supposed to see them, this is the last thing to translate) Common messages are cached.


filter

public static java.lang.String filter(java.lang.String message)
Filter the specified message string for characters that are sensitive in HTML. This avoids potential attacks caused by including JavaScript codes in the request URL that is often reported in error messages.

Parameters:
message - The message string to be filtered

isSafeInHttpHeader

public static boolean isSafeInHttpHeader(java.lang.String msg)
Is the provided message safe to use in an HTTP header. Safe messages must meet the requirements of RFC2616 - i.e. must consist only of TEXT.

Parameters:
msg - The message to test
Returns:
true if the message is safe to use in an HTTP header else false


Copyright © 2000-2012 Apache Software Foundation. All Rights Reserved.