I have a set of characters I want to escape in an http request so that I can make a web site more secure.
I will be iterating through all the fields on the form and I want to compare each character in each request parameter to a string of known problem characters such as "%&<>" etc. I will then want to escape them by adding a "\" in front of it so they are taken as literals.
I am writing both the parameter value (form field value) and the string of bad characters to chars and I am comparing each element in these arrays to each other in nested for loops.
- I want to ultimately have a new string, that I can post back to the request, that will have "\" in front of all the invalid characters. *
My questions are...
1) I can't replace a char element with more than 1 character. So I can't, say, replace a "%" with a "\%" directly inside the char array. What is the best way to build the new string outside of updating the array?
Instead of placing a "\" in front I may just strip out the invalid characters altogether.
2) How do I write an empty value, say "", to a char element so I can replace "%" with nothing say?
3) How do I write out the contents of a char to a string in general?
I am willing to give up using char altogether if it will help reach the goal.
I am sort of new to Java so I don't know all the functions at my disposal and do not have enough time to go through everything. I know this was a bit long. Thanks for reading it.