I am trying to set up a JSP page which takes input from any form and filters out user input which may pose a security risk. I am using the following function to try to do this:
<%!
// Returns "good" when no listed character is present, otherwise a
// comma-separated list of the listed characters found in the input.
private String checkInput(String test){
    String bad_input = "";
    boolean someBadInput = false;
    // Characters treated as unsafe in form input.
    char[] bad_characters = {'<','>','\'','\"','*','#','=','&','\\',';',':'};
    int number_of_bad_characters = 11;
    int i;
    for(i=0; i<number_of_bad_characters; i++){
        if(test.indexOf(bad_characters[i]) != -1){
            if(!someBadInput){
                // First match: start the list.
                bad_input += bad_characters[i];
                someBadInput = true;
            }else{
                if(i < (number_of_bad_characters-1)){
                    bad_input += ", "+ bad_characters[i];
                }else{
                    bad_input += ", and "+ bad_characters[i];
                }
            }
        }
    }
    if(someBadInput){
        return bad_input;
    }else{
        return "good";
    }
}
%>
I get a null pointer from the following line:
if(test.indexOf(bad_characters[i]) != -1){
Been working at the computer for too long and going kinda bug-eyed - so any other eyes that check this out are much appreciated!
Thanks in advance,
Dave.
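
A null-safe variant of the function, added here as an example and not part of the original post. It assumes the value passed in comes from `request.getParameter(...)`, which returns null when the form field was not submitted; the `InputCheck` class name and the "missing" return value are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

public class InputCheck {
    // The same eleven characters the post rejects.
    private static final char[] BAD_CHARACTERS =
        {'<', '>', '\'', '"', '*', '#', '=', '&', '\\', ';', ':'};

    /**
     * Returns "good", "missing" (hypothetical marker for a null value),
     * or a readable list of the rejected characters that were found.
     */
    static String checkInput(String test) {
        // indexOf on a null reference is the only way the flagged line
        // can throw NullPointerException, so handle null before the loop.
        if (test == null) {
            return "missing";
        }
        List<String> found = new ArrayList<>();
        // Iterate over the array itself instead of a hand-kept count.
        for (char c : BAD_CHARACTERS) {
            if (test.indexOf(c) != -1) {
                found.add(String.valueOf(c));
            }
        }
        if (found.isEmpty()) {
            return "good";
        }
        if (found.size() == 1) {
            return found.get(0);
        }
        // Put "and" before the last character actually found, not only
        // before the last entry of the array.
        int last = found.size() - 1;
        return String.join(", ", found.subList(0, last))
            + ", and " + found.get(last);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: absent field, clean text, markup.
        System.out.println(checkInput(null));
        System.out.println(checkInput("plain text"));
        System.out.println(checkInput("<b>a=b</b>"));
    }
}
```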