Character.isWhitespace(ch)) {
sb.append(ch);
} else {
sb.append("&#" + (int)ch + ";");
}
}
return sb.toString();
}
}
// ...
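/**
 * Builds the model for the notifications page.
 *
 * <p>Loads the notifications of the current user and copies each one into a
 * map under the keys {@code "id"} and {@code "message"}. Every value is passed
 * through {@code ValidateOutput.validate} before it is added to the model, so
 * the view never receives a raw notification field.
 *
 * <p>Best effort: if loading or validation fails, the failure is caught
 * (logging is still a placeholder, see below) and the returned model simply
 * carries no {@code "Notifications"} entry.
 *
 * @param request  the current request; not read by this handler
 * @param response the current response; not written by this handler
 * @return a {@code ModelAndView} holding the validated notification maps under
 *         {@code "Notifications"}, or an empty model when loading failed
 */
@RequestMapping("/getnotifications.htm")
public ModelAndView getNotifications(HttpServletRequest request,
                                     HttpServletResponse response) {
    ValidateOutput vo = new ValidateOutput();
    ModelAndView mv = new ModelAndView();
    try {
        UserInfo userDetails = getUserInfo();
        // Fixed: the original referenced "serDetails", which is not declared.
        List<Notification> notificationList =
            NotificationService.getNotificationsForUserId(
                userDetails.getPersonId());
        List<Map<String, Object>> list = new ArrayList<Map<String, Object>>();
        for (Notification notification : notificationList) {
            Map<String, Object> map = new HashMap<String, Object>();
            // Validate per field on the way out, keyed by the field name, so
            // each value is checked against the rule registered for it.
            map.put("id", vo.validate("id", notification.getId()));
            map.put("message",
                vo.validate("message", notification.getMessage()));
            list.add(map);
        }
        mv.addObject("Notifications", list);
    } catch (Exception e) {
        // Narrowed from Throwable: JVM errors (e.g. OutOfMemoryError) must not
        // be absorbed by a request handler. The best-effort contract is kept:
        // the caller still receives an empty model.
        // TODO: log to file and handle; the original placeholder left no trace
        // of the failure.
    }
    return mv;
}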
Output encoding and escaping is mandatory when accepting dangerous characters such
as double quotes and angle braces. Even when input is whitelisted to disallow such charac-