ingo@0: package de.intevation.flys.client.server;
ingo@0:
ingo@0: import de.intevation.flys.client.client.GreetingService;
ingo@0: import de.intevation.flys.client.shared.FieldVerifier;
ingo@0: import com.google.gwt.user.server.rpc.RemoteServiceServlet;
ingo@0:
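/**
 * Server-side implementation of the {@link GreetingService} RPC service.
 *
 * <p>The reply built by {@link #greetServer(String)} is an HTML fragment, so
 * every client-supplied value is HTML-escaped before it is concatenated into
 * the reply.
 */
@SuppressWarnings("serial")
public class GreetingServiceImpl extends RemoteServiceServlet implements
    GreetingService {

  /**
   * Builds the greeting returned to the client.
   *
   * @param input the name entered by the user; untrusted
   * @return an HTML fragment containing the escaped name, the servlet
   *         container's server info and the escaped User-Agent header
   * @throws IllegalArgumentException if {@code FieldVerifier.isValidName}
   *         rejects {@code input}
   */
  public String greetServer(String input) throws IllegalArgumentException {
    // Validate on the server as well; a client-side check can be bypassed.
    if (!FieldVerifier.isValidName(input)) {
      // Propagated back to the caller through the RPC layer.
      throw new IllegalArgumentException(
          "Name must be at least 4 characters long");
    }

    // NOTE(review): the container name/version is echoed to every caller;
    // confirm that exposing it is intended outside a demo.
    String serverInfo = getServletContext().getServerInfo();
    // Request headers are client-controlled, exactly like the name itself.
    String userAgent = getThreadLocalRequest().getHeader("User-Agent");

    // Escape both client-supplied values before they are placed in markup.
    String safeName = escapeHtml(input);
    String safeUserAgent = escapeHtml(userAgent);

    // The <br> tags below are the only markup in the reply.
    // NOTE(review): the listing shows only line breaks inside these
    // literals; the exact number of <br> tags is assumed - confirm.
    return "Hello, " + safeName + "!<br><br>I am running " + serverInfo
        + ".<br><br>It looks like you are using:<br>" + safeUserAgent;
  }

  /**
   * Escapes the characters that are significant in HTML. Escaping data
   * received from the client helps to prevent cross-site scripting.
   *
   * @param html the string to escape, may be {@code null}
   * @return the escaped string, or {@code null} if {@code html} is
   *         {@code null}
   */
  private static String escapeHtml(String html) {
    if (html == null) {
      return null;
    }
    // '&' must be replaced first, otherwise the ampersands introduced by the
    // later replacements would be escaped a second time. String.replace is
    // used because the arguments are literals, not regular expressions.
    return html.replace("&", "&amp;")
        .replace("<", "&lt;")
        .replace(">", "&gt;")
        // Quotes are escaped too, so the result stays inert if a caller
        // ever places it inside an attribute value.
        .replace("\"", "&quot;")
        .replace("'", "&#39;");
  }
}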