Question: The filterString() method in this code example normalizes the input string, validates that the input does not contain a tag, and then removes any

The filterString() method in this code example normalizes the input string, validates

The filterString() method in this code example normalizes the input string, validates that the input does not contain a tag, and then removes any noncharacter code points from the input string. Because input validation is performed before the removal of any noncharacter code points, an attacker can include noncharacter code points in the tag to bypass the validation checks. Modify the program to replace all noncharacter code points with Unicode FFFD before validating input. import java.text.Normalizer; import java.text.Normalizer.Form; import java.util.regex.Matcher; import java.util.regex.Pattern; public class TagFilter { public static String filterString (String str) { String s = Normalizer.normalize (str, Form.NFKC); } } // Validate input Pattern pattern Matcher matcher if (matcher.find()) { throw new IllegalArgumentException ("Invalid input"); } } = = Pattern.compile(" "); pattern.matcher(s); // Deletes noncharacter code points S = s.replaceAll("[\\p{Cn}]", ""); return s; public static void main(String[] args) { // "\uFDEF" is a noncharacter code point String maliciousInput = " "; String sb = filterString (maliciousInput); // sb = " " X

Step by Step Solution

3.38 Rating (151 Votes )

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock

To replace all noncharacter code points with Unicode FFD before validating input you can m... View full answer

blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Programming Questions!

Q:

Match the following, discussing the negotiation process: Column A 1 .Use your power to get the other party to give you what you want. 2. Make the first offer concession. 3. Start by asking for their...

Q:

Answer the questiong correctly, show approprite code and output of compiled code. Balanced Parentheses A stack is a data structure where data is accessed using the LIFO (last in first out) principle....

Q:

Planning is one of the most important management functions in any business. A front office managers first step in planning should involve determine the departments goals. Planning also includes...

Q:

Program #1 The filterString() method in this code example normalizes the input string, validates that the input does not contain a tag, and then removes any noncharacter code points from the input...

Q:

The filterString() method in this code example normalizes the input string, validates that the input does not contain a tag, and then removes any noncharacter code points from the input string....

Q:

Program #1 The filterString() method in this code example normalizes the input string, validates that the input does not contain a tag, and then removes any noncharacter code points from the input...

Q:

1) Which of the following can you NOT format using CSS3 pseudo-classes? (1pts) valid fields invalid fields required fields non-required fields 2) What does an HTML5 type attribute for an input...

Q:

You have collected a file of movie ratings where each movie is rated from 1 (bad) to 5 (excellent). The first line of the file is a number that identifies how many ratings are in the file. Each...

Q:

Build a Customer Business Object . This class will have 6 properties, custId, custPassword, custFirstName, custLastName, custAddress and custEmail. Build an empty args Constructor in the Customer...

Q:

Create a public class named Exponent. Inside the main method of this class, obtain a double input using a dialog box. Pass the input value to a non-static method that returns the square value of the...

Q:

Mercado Corporation has the following budgeted unit sales for the next three-month period: There were 30,000 units of finished goods in inventory at the beginning of June. Plans are to have an...

Q:

Input values to the quiz 3.5 1.5 0.8 Solve the problem below and enter answers in first row above. Do NOT enter units or any other tex A simply supported beam carrying a triangular distributed load...

Q:

Consider a plate of 2.4 m x 3.0 m shown below. First, find the temperature distribution at the interior nodes using a square grid with a length of 0.1 m and a relative error of 1E-6 for the case in...

Q:

I. What is business analysis? and how it is helpful for organizations? II. What does enterprise content management involve? III. What is business process management? IV. Outline the key benefits of...

Q:

MRO and Logistics Management Describe an MRO's procurement application of logistics and supply chain management. Describe ways to reduce hidden costs in MRO's logistics. Explain the differences...

Q:

a) In each of the following plots, a training dataset of data points X in R^2 labeled either + or - is given, where the original features are the coordinates (x,y). You can assume that the data is...

Q:

a company issues 1.01 million shares of preferred stock with a par value of $2.50 at its market price of $26.50 per share. The issuance should be recorded with a debit to cash for:

Q:

In the synthesis of the keto acid just given, the dicarboxylic acid decarboxylates in a specific way; it gives Explain. HO rather than HO

Q:

1.Lincoln's status among voters was on the decline in late 1863 and throughout 1864. Which of the following is not a reason why many people opposed Lincoln's reelection in 1864? a. He appeared to...

Q:

Skyler is covered by his company's health insurance plan. The health insurance costs his company $3,500 a year. During the year, Skyler is diagnosed with a serious illness and the health insurance...

Q:

For each of the following situations, indicate whether the taxpayer(s) is (are) required to file a tax return for 2012. Explain your answer. a. Helen is a single taxpayer with interest income in 2012...

Q:

The following additional information is available for the Dr. Ivan and Irene Incisor family from Chapters 1-6. On December 12, Irene purchased the building where her store is located. She paid...

Q:

Leah Sanchez is concerned that if she orders too few calendars, customers disappointment in not finding a calendar might drive them to shop elsewhere, resulting in more of a loss over the long term...

Q:

Explain why a simulation model with only discrete probability distributions produces the same results as the corresponding decision tree model even though it uses very different solution methods.

Q:

Explain why in decision analysis we are concerned with the expected value of information.