Package org.apache.hadoop.http
Class HttpServer2.QuotingInputFilter
java.lang.Object
org.apache.hadoop.http.HttpServer2.QuotingInputFilter
- All Implemented Interfaces:
javax.servlet.Filter
- Enclosing class:
- HttpServer2
A Servlet input filter that quotes all HTML active characters in the
parameter names and values. The goal is to quote the characters to make
all of the servlets resistant to cross-site scripting attacks. It also
sets X-FRAME-OPTIONS in the header to mitigate clickjacking attacks.
-
Nested Class Summary
Nested Classes -
Constructor Summary
Constructors -
Method Summary
-
Constructor Details
-
QuotingInputFilter
public QuotingInputFilter()
-
-
Method Details
-
init
public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException - Specified by:
initin interfacejavax.servlet.Filter- Throws:
javax.servlet.ServletException
-
destroy
public void destroy()- Specified by:
destroyin interfacejavax.servlet.Filter
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
IOExceptionjavax.servlet.ServletException
-