[cvs] expresso commit by lhamel: make program listings have EOLs again

JCorporate Ltd jcorp at jcorp2.servlets.net
Thu Oct 14 11:44:36 PDT 2004


Log Message:
-----------
make program listings have EOLs again

Modified Files:
--------------
    expresso/expresso-web/expresso/doc/edg:
        security.xml

Revision Data
-------------
Index: security.xml
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/expresso/doc/edg/security.xml,v
retrieving revision 1.27
retrieving revision 1.28
diff -Lexpresso-web/expresso/doc/edg/security.xml -Lexpresso-web/expresso/doc/edg/security.xml -u -r1.27 -r1.28
--- expresso-web/expresso/doc/edg/security.xml
+++ expresso-web/expresso/doc/edg/security.xml
@@ -378,7 +378,8 @@
 			<para>
 Field data entered into an application can have "filters" applied to it
 automatically to avoid attacks on system security by embedding information
-in the entered data (such as Javascript or other scripting languages).
+in the entered data (such as Javascript or other scripting languages). See more below
+                under string filters.
 			</para>
 		</sect2>
 		<sect2>
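Review bot: The added sentence "See more below under string filters." refers to its target only by description, so the reference goes stale if the sections are reordered or renamed. If the string filters section has an id, link to it with the DocBook cross-reference markup instead. The continuation line "under string filters." is also indented with a run of spaces while the rest of the paragraph text is flush left; align it with the surrounding lines.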
@@ -700,7 +701,16 @@
 All Filters implement the 3 methods in the Filter interface, which typically
 have the following implementations (although your Filter can, of course,
 do whatever you like):
-					<programlisting><![CDATA[// Replace control characters with appropriate values, protect against XSS attacks public static final String STANDARD_FILTER = "standardFilter"; // Strip out any unwanted characters, but do not replace them with anything public static final String STRIP_FILTER = "stripFilter"; // Don't do anything public static final String RAW_FILTER = "rawFilter";]]></programlisting>
+<programlisting>
+    // Replace control characters with appropriate values, protect against
+    // XSS attacks
+    public static final String STANDARD_FILTER = "standardFilter";
+
+    // Strip out any unwanted characters, but do not replace them with
+    // anything public static final String STRIP_FILTER = "stripFilter";
+    // Don't do anything
+    public static final String RAW_FILTER = "rawFilter";
+ </programlisting>
 				</para>
 			</sect3>
 			<sect3>
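Review bot: The STRIP_FILTER declaration has been folded into a comment in the reflowed listing. The line `// anything public static final String STRIP_FILTER = "stripFilter";` is now a comment from start to end, so the listing declares only STANDARD_FILTER and RAW_FILTER where the old one showed three constants. End the comment after "anything", put `public static final String STRIP_FILTER = "stripFilter";` on its own line, and add a blank line before `// Don't do anything` to match the spacing used after STANDARD_FILTER. The closing `</programlisting>` on the last added line also has a stray leading space.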
@@ -711,7 +721,13 @@
 to 'standardFilter'. To set the filter method for a field in your DBObject,
 use setStringFilter(fieldname, filtername) within your setupFields() of
 the object, like
-					<programlisting><![CDATA[protected synchronized void setupFields() throws DBException { ... setStringFilter("myfield", FilterManager.RAW_FILTER); ... }]]></programlisting>
+<programlisting>
+protected synchronized void setupFields() throws DBException {
+    ...
+    setStringFilter("myfield", FilterManager.RAW_FILTER);
+    ...
+}
+</programlisting>
 
 (There is also DBObject.setStringFilterOnAll() if you want to have the
 same filter on all fields. Call this AFTER adding all fields in setupFields().)
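Review bot: The new setupFields() listing drops the CDATA wrapper that the removed line had. Nothing in these lines needs escaping, so it still parses, but any later edit that puts <, > or & inside the listing will have to be entity-escaped by hand or it will break the XML. Keeping the CDATA section and only adding the line breaks inside it would restore the EOLs without that risk. The same applies to the other listings changed in this commit.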
@@ -723,7 +739,13 @@
 statically. If you need some special filtering, on a permanent basis, a
 different Filter class can be set by getting the metadata and setting DBField.setFilterClass()
 like
-					<programlisting><![CDATA[protected synchronized void setupFields() throws DBException { ... fieldMeta = (DBField) getMetaData().getFieldMetadata("myfield"); fieldMeta.setFilterClass(HtmlPlusURLFilter.class); ... }]]></programlisting>
+<programlisting>
+protected synchronized void setupFields() throws DBException {
+    ...
+    fieldMeta = (DBField) getMetaData().getFieldMetadata("myfield");
+    fieldMeta.setFilterClass(HtmlPlusURLFilter.class);
+    ...
+</programlisting>
 				</para>
 				<para>
 
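Review bot: The closing brace of setupFields() was lost in the reflow. The removed line ended with `... }` before the CDATA close, while the new listing ends with `    ...` followed directly by `</programlisting>`. Add a `}` line after the final `...`, as was done in the previous hunk's listing. While touching this example, note that `fieldMeta` is assigned without a declaration; declaring it as `DBField fieldMeta = ...` would make the snippet read as complete.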
@@ -736,7 +758,15 @@
 line feeds, instead of &lt;br&gt; for breaks in the text area. You can
 do the following in some controller which creates the Input for the text
 area:
-					<programlisting><![CDATA[Filter old = existing.setFilterClass(new RawFilter()); summaryStr = existing.getField("MyField"); // restore existing.setFilterClass(old); Input title = new Input("myinput"); title.setType(Input.ATTRIBUTE_TEXTAREA); title.setDefaultValue(summaryStr);]]></programlisting>
+
+<programlisting>
+    Filter old = existing.setFilterClass(new RawFilter());
+    summaryStr = existing.getField("MyField");
+    // restore existing.setFilterClass(old);
+    Input title = new Input("myinput");
+    title.setType(Input.ATTRIBUTE_TEXTAREA);
+    title.setDefaultValue(summaryStr);
+</programlisting>
 
 DBObject.setFilterClass(Filter) changes the Filter class on the instance,
 but not the filter method, which is specified on the metadata statically.
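Review bot: The restore call is now commented out in the listing. The line `// restore existing.setFilterClass(old);` keeps the comment and the statement on one line, so a reader copying the example swaps in RawFilter and never puts the old filter back. Since the text right below says setFilterClass changes the Filter class on the instance, later reads from `existing` would stay unfiltered. Split it into `// restore` and `existing.setFilterClass(old);` on separate lines.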

