Configuring ParameterValidator

Use the configuration properties described in the following table to control the way the ParameterValidator component checks query parameters.

Property

Explanation

alwaysAddDefaults

Controls whether the ParameterValidator component adds sets of default string values to the illegalTagNames and illegalAttributeNames properties.

Set the value of the property to true to include the default values. Set it to false to omit the default values.

See Default Values for illegalTagNames and Default Values for illegalAttributeNames.

illegalTagNames

A list of HTML elements that are disallowed in URL query parameters.

See Default Values for illegalTagNames.

onlyDisallowIllegalTagNames

Controls whether strings that appear to be HTML elements are allowed in URL query parameters.

Set the value of this property to true to allow strings that appear to be HTML elements as long as they are not included in the illegalTagNames property.

Set the value of this property to false to disallow any string that appears to be an HTML element.

illegalAttributeNames

A list of HTML attributes that are disallowed in URL query parameters.

See Default Values for illegalAttributeNames.

onlyDisallowIllegalAttributeNames

Controls whether strings that appear to be HTML attributes will be allowed in URL query parameters.

Set the value of this property to true to allow strings that appear to be HTML attributes as long as they are not included in the illegalAttributeNames property.

Set the value of this property to false to disallow any string that appears to be an HTML attribute.

illegalStrings

A list of specific strings that are disallowed in URL query parameters.

illegalRegexes

A list of Java regular expressions that describe strings that are disallowed in URL query parameters.

overridingValidators

A list of custom components that function as URL query validators for specific conditions.

Set the value of this property to a comma separated list of the nucleus paths for each of the custom query validator components. For example:

overridingValidators=/mycompany/validators/
MyValidator,/mycompany/validators/
MyOtherValidator

See Creating an Overriding Parameter Validator.

Default Values for illegalTagNames

The ParameterValidator component includes a set of default string values that it will include in the list of illegal tag names if you set the alwaysAddDefaults property to true. These default string values are shown in the following list.

Default Values for illegalAttributeNames

The ParameterValidator component includes a set of default string values that it will include in the list of illegal attribute names if you set the alwaysAddDefaults property to true. These default string values are shown in the following list.

Removing Default Values for illegalTagNames and illegalAttributeNames

To remove an individual, default string value from the illegalTagNames or illegalAttributeNames property, add the string value to either illegalTagNames or illegalAttributeNames with a minus sign character before it.

For example, to remove the value onscroll from the illegalAttributeNames property, add the following to the configuration for that property.

illegalAttributeNames+=-onscroll

Note: To remove all of the default values from both the illegalTagNames and illegalAttributeNames properties, set the alwaysAddDefaults property to false.

Copyright © 1997, 2015 Oracle and/or its affiliates. All rights reserved. Legal Notices