Cross-Site Scripting vulnerability

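When comparing data that may be locale-dependent, specify an appropriate locale explicitly in code. Case conversion without an explicit locale follows the JVM's default locale, so a comparison used to validate or filter input can give different results on different hosts. Specifying the locale is how this kind of Cross-Site Scripting vulnerability is avoided.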

import java.util.Locale;
...
public String anyMethodName(String dataSet) {
	// Upper-case with an explicit locale so the result does not depend on the JVM default locale
	if (dataSet.toUpperCase(Locale.ENGLISH).equals("ANY_DATA_VALUE")) {
		return null;
	}
	...
}
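The difference between the locale-dependent and the locale-pinned comparison, as an added example that is not part of the original post. The class name, the method names and the "SCRIPT" value are hypothetical, and the input string is constructed for the demonstration.

```java
import java.util.Locale;

public class LocaleCompareDemo {

    // Hypothetical value a filter wants to recognise, in upper case.
    private static final String BLOCKED = "SCRIPT";

    // Locale-dependent: toUpperCase() with no argument uses the JVM default locale.
    static boolean matchesWithDefaultLocale(String value) {
        return value.toUpperCase().equals(BLOCKED);
    }

    // Locale-pinned: the case mapping is the same on every host.
    static boolean matchesWithFixedLocale(String value) {
        return value.toUpperCase(Locale.ENGLISH).equals(BLOCKED);
    }

    public static void main(String[] args) {
        String value = "script"; // constructed sample input
        Locale original = Locale.getDefault();
        Locale[] hostLocales = {
            Locale.ENGLISH,
            Locale.forLanguageTag("tr-TR") // Turkish has dotted and dotless i
        };
        try {
            for (Locale hostLocale : hostLocales) {
                // Simulate the same code running on hosts with different default locales.
                Locale.setDefault(hostLocale);
                System.out.printf(
                    "default locale=%s upper=%s defaultLocaleCheck=%b fixedLocaleCheck=%b%n",
                    hostLocale,
                    value.toUpperCase(),
                    matchesWithDefaultLocale(value),
                    matchesWithFixedLocale(value));
            }
        } finally {
            // Restore the original default so the demo has no side effects.
            Locale.setDefault(original);
        }
    }
}
```

Under a Turkish default locale, lower-case "i" upper-cases to "İ" (U+0130), so the default-locale check stops matching while the fixed-locale check still matches.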

How to enable Garbage Collector Logs

The garbage collector provides automatic memory management. It keeps track of all objects instantiated within a JVM and removes the ones that are no longer used. That is a highly complex task, and there are several different garbage collector implementations available.

In general, the garbage collection process in Java is very efficient. It’s so efficient that lots of applications use the default implementation with its standard configuration. But if your application has to handle high load or uses lots of complex object structures, its performance might decrease over time. That often happens when the garbage collector needs to spend more and more time managing the available memory. The garbage collector log provides you with the information you need to analyze all garbage collector activities.

The garbage collector log is deactivated by default. You need to activate it with a set of command line properties.

If you’re using JDK 8 or earlier, you can do that using the following properties:
-XX:+PrintGCDetails -Xloggc:<gc-log-file-path>

Starting with JDK 9, you need to use the following properties instead:
-Xlog:gc*:file=<gc-log-file-path>

After you start your application with these command line properties, the garbage collector will write detailed information about all of its operations. Unfortunately, the content and format of the generated garbage collector log depend on the vendor and version of your JVM and on the garbage collection algorithm.

Purpose of [^\x20-\x7E] in Regular Expressions

The regular expression [^\x20-\x7E] matches all characters that are not (^) in the range \x20-\x7E (hex 0x20 to 0x7E). According to http://www.asciitable.com/, that range covers the characters from ‘space’ to ‘~’. Hence, the Java code below removes every character outside that range from the message:

String updateMessage = message.replaceAll("[^\\x20-\\x7e]", "");

Happy Coding !!