Hibernate Validator的@SafeHtml可以使用哪些替代方法来验证字符串? [英] What alternatives are there to Hibernate Validator's @SafeHtml to validate Strings?
问题描述
如JavaDocs中所述,它将在以后的版本中删除. 是否有其他通过注释类似工作的库?
As stated in the JavaDocs, it will be removed in a future release. Is there any alternative library which works similarly via annotations?
推荐答案
让我们首先解释一下弃用的原因:由于这种限制,我们最近遇到了安全问题(CVE).这是由于执行过程中的错误,但它使我们意识到这非常脆弱,并且可能在蠕虫的安全性方面是明智的.
Let's first explain the reasons of the deprecation: we recently had a security issue (CVE) due to this very constraint. It was due to an error in our implementation but it made us realize that this was very fragile and potentially a can of worms security wise.
目前的替代方案是根据我们的最新实现自行实现,并在您自己的应用程序中进行维护(可能需要您自己进行一些调整).
The alternative for now would be to implement it yourself based on our latest implementation and maintain it in your own application (with potentially your own tweaks).
我们在博客上有一篇非常不错的文章,解释了如何轻松地做到这一点:
We have a very nice article on our blog explaining how to do that easily: https://in.relation.to/2017/03/02/adding-custom-constraint-definitions-via-the-java-service-loader/ .
从根本上说,这种改变是我们不想承担潜在的脆弱性并需要引起很大关注的事情的责任,而可能针对其所部署的应用程序平台进行了一些调整.
Basically, this change is us saying that we don't want to take the responsibility of something that is potentially fragile and will need a lot of attention, with tweaks potentially specific to the application platform it is deployed on.
更新:我已经在此处发布了完整的公告: https://in.relation.to/2019/11/20/hibernate-validator-610-6018-released/.
Update: I have posted a full announcement here: https://in.relation.to/2019/11/20/hibernate-validator-610-6018-released/ .
这篇关于Hibernate Validator的@SafeHtml可以使用哪些替代方法来验证字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!