org.apache.tomcat.util.http

Class HttpMessages

public class HttpMessages extends Object

Handle (internationalized) HTTP messages.

Author: James Duncan Davidson [duncan@eng.sun.com] James Todd [gonzo@eng.sun.com] Jason Hunter [jch@eng.sun.com] Harish Prabandham costin@eng.sun.com

Field Summary
protected static StringManagersm
Method Summary
static Stringfilter(String message)
Filter the specified message string for characters that are sensitive in HTML.
static StringgetMessage(int status)
Get the status string associated with a status code.
static booleanisSafeInHttpHeader(String msg)
Is the provided message safe to use in an HTTP header.

Field Detail

sm

protected static StringManager sm

Method Detail

filter

public static String filter(String message)
Filter the specified message string for characters that are sensitive in HTML. This avoids potential attacks caused by including JavaScript codes in the request URL that is often reported in error messages.

Parameters: message The message string to be filtered

getMessage

public static String getMessage(int status)
Get the status string associated with a status code. No I18N - return the messages defined in the HTTP spec. ( the user isn't supposed to see them, this is the last thing to translate) Common messages are cached.

isSafeInHttpHeader

public static boolean isSafeInHttpHeader(String msg)
Is the provided message safe to use in an HTTP header. Safe messages must meet the requirements of RFC2616 - i.e. must consist only of TEXT.

Parameters: msg The message to test

Returns: true if the message is safe to use in an HTTP header else false

Copyright © 2000-2011 Apache Software Foundation. All Rights Reserved.