Created
November 20, 2014 10:30
How not to filter untrusted input.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
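/**
 * Builds an {@code InputFilter} that accepts an edit only when every inserted character is on a
 * fixed allow-list: ASCII letters, digits, space and the punctuation
 * {@code ( ) - { } : \ ' , . ? / +}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>This constrains what the text widget accepts; it is not validation of the value where it
 *       is consumed. Data that reaches a backend or another component by any other route is not
 *       covered, so the consumer still has to validate it.</li>
 *   <li>The allow-list contains the quote, backslash, braces and slash, which are significant in
 *       query, JSON and path contexts. Passing this filter does not make a value safe for those
 *       sinks; parameterize or encode at the sink.</li>
 *   <li>One disallowed character rejects the whole inserted span (for example a paste), not just
 *       that character.</li>
 * </ul>
 *
 * @return a filter that returns {@code null} (keep the edit as typed) when all characters in
 *     {@code [start, end)} are allowed, and {@code ""} (drop the edit) otherwise
 */
private InputFilter getCharactersLimited() {
    // Built once per filter; the original rebuilt a char[] and a String for every character checked.
    final String acceptedChars = "abcdefghijklmnopqrstuvwxyz"
            + "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            + "0123456789"
            + " ()-{}:\\',.?/+";

    return new InputFilter() {
        @Override
        public CharSequence filter(CharSequence source, int start, int end, Spanned dest, int dstart, int dend) {
            // An empty range (end <= start) skips the loop and is accepted, as before.
            for (int index = start; index < end; index++) {
                if (acceptedChars.indexOf(source.charAt(index)) < 0) {
                    // Replace the whole inserted span with nothing.
                    return "";
                }
            }
            // null tells the framework to keep the original input unchanged.
            return null;
        }
    };
}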