Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
518 views
in Technique[技术] by (71.8m points)

java - What alternatives are there to Hibernate Validator's @SafeHtml to validate Strings?

As stated in the JavaDocs, it will be removed in a future release. Is there any alternative library which works similarly via annotations?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Let's first explain the reasons of the deprecation: we recently had a security issue (CVE) due to this very constraint. It was due to an error in our implementation but it made us realize that this was very fragile and potentially a can of worms security wise.

The alternative for now would be to implement it yourself based on our latest implementation and maintain it in your own application (with potentially your own tweaks).

We have a very nice article on our blog explaining how to do that easily: https://in.relation.to/2017/03/02/adding-custom-constraint-definitions-via-the-java-service-loader/ .

Basically, this change is us saying that we don't want to take the responsibility of something that is potentially fragile and will need a lot of attention, with tweaks potentially specific to the application platform it is deployed on.

Update: I have posted a full announcement here: https://in.relation.to/2019/11/20/hibernate-validator-610-6018-released/ .


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...