- All Implemented Interfaces:
This filter prevents the attack by explicitly setting a character set. Unless the provided character set is explicitly overridden by the user - in which case they deserve everything they get - the browser will adhere to an explicitly set character set, thus preventing the XSS attack.
Nested Class SummaryModifier and TypeClassDescription
static classWrapper that adds a character set for text media types if no character set is specified.
Method SummaryModifier and TypeMethodDescription
doFiltermethod of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
voidIterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
setEncodingpublic void setEncoding
getLoggerprotected Log getLogger()
initDescription copied from class:
FilterBaseIterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
- Specified by:
filterConfig- The configuration information associated with the filter instance being initialised
trueand a configured parameter does not have a matching setter
doFilterpublic void doFilter
(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletExceptionDescription copied from interface:
doFiltermethod of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.
A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (
4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.
request- The request to process
response- The response associated with the request
chain- Provides access to the next filter in the chain for this filter to pass the request and response to for further processing
IOException- if an I/O error occurs during this filter's processing of the request
ServletException- if the processing fails for any other reason