diff --git a/spring-context/src/main/java/org/springframework/validation/DataBinder.java b/spring-context/src/main/java/org/springframework/validation/DataBinder.java
index 9ae262ee07..612dfc5622 100644
--- a/spring-context/src/main/java/org/springframework/validation/DataBinder.java
+++ b/spring-context/src/main/java/org/springframework/validation/DataBinder.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -419,11 +419,12 @@ public class DataBinder implements PropertyEditorRegistry, TypeConverter {
 /**
 * Register fields that should be allowed for binding. Default is all fields.
- * Restrict this for example to avoid unwanted modifications by malicious users
- * when binding HTTP request parameters.
- *
Supports "xxx*", "*xxx", "*xxx*" and "xxx*yyy" matches (with an arbitrary
- * number of pattern parts), as well as direct equality. More sophisticated matching
- * can be implemented by overriding the {@code isAllowed} method.
+ * Restrict this for example to avoid unwanted modifications by malicious
+ * users when binding HTTP request parameters.
+ *
Supports "xxx*", "*xxx", "*xxx*" and "xxx*yyy" matches (with an
+ * arbitrary number of pattern parts), as well as direct equality. More
+ * sophisticated matching can be implemented by overriding the
+ * {@code isAllowed} method.
 *
Alternatively, specify a list of disallowed fields.
 * @param allowedFields array of field names
 * @see #setDisallowedFields
@@ -443,12 +444,13 @@ public class DataBinder implements PropertyEditorRegistry, TypeConverter {
 }
 /**
- * Register fields that should not be allowed for binding. Default is none.
- * Mark fields as disallowed for example to avoid unwanted modifications
- * by malicious users when binding HTTP request parameters.
- *
Supports "xxx*", "*xxx", "*xxx*" and "xxx*yyy" matches (with an arbitrary
- * number of pattern parts), as well as direct equality. More sophisticated matching
- * can be implemented by overriding the {@code isAllowed} method.
+ * Register fields that should not be allowed for binding. Default
+ * is none. Mark fields as disallowed for example to avoid unwanted
+ * modifications by malicious users when binding HTTP request parameters.
+ *
Supports "xxx*", "*xxx", "*xxx*" and "xxx*yyy" matches (with an
+ * arbitrary number of pattern parts), as well as direct equality.
+ * More sophisticated matching can be implemented by overriding the
+ * {@code isAllowed} method.
 *
Alternatively, specify a list of allowed fields.
 * @param disallowedFields array of field names
 * @see #setAllowedFields
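Review bot: The re-wrapped Javadoc on setDisallowedFields still does not say how the pattern match treats letter case or nested property paths, which a caller relying on a denylist to stop unwanted binding needs to know. Only the comment is visible here and the method body lies outside the hunk, so whether the comparison is case-sensitive cannot be confirmed from this diff; if it is, I would add a line such as `Note that matching is case-sensitive; list each sensitive field, including nested paths, exactly as it can be bound.` Since the comment states that the default is none, it would also help to say that any property added to the target object later is bindable unless it is listed, so `setAllowedFields` is the safer choice when binding HTTP request parameters. The same wording gap applies to the setAllowedFields Javadoc in the preceding hunk.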