我无法使用下面的 of 方法ESAPI
class'
java.lang.String getValidInput(java.lang.String context,
java.lang.String input,
java.lang.String type,
int maxLength,
boolean allowNull)
throws ValidationException,
IntrusionException
Parameters:
type - The regular expression name that maps to the actual regular expression from "ESAPI.properties".
如何传递参数类型ESAPI.properties
文件?
有没有我可以参考的使用属性文件值的示例?
这是一个示例调用,我在其中验证“收件人”地址字段:
validator.getValidInput("toAddress", it.next(), "Email", Email.MAX_ADDRESS_SIZE, true)
ESAPI 假设您正在使用 IDE 或可以访问直接源代码。如果您使用的是 Eclipse,只需将鼠标悬停在方法名称上,就会显示参数类型。
===更新===
这是直接来自 javadoc 的 rip:
/**
* Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
* and input that is clearly an attack will generate a descriptive IntrusionException.
*
* @param context
* A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
* @param input
* The actual user input data to validate.
* @param type
* The regular expression name that maps to the actual regular expression from "ESAPI.properties".
* @param maxLength
* The maximum post-canonicalized String length allowed.
* @param allowNull
* If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
*
* @return The canonicalized user input.
*
* @throws ValidationException
* @throws IntrusionException
*/
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)