Map/hashmap is a non-commonly used data structure in Java, and what we do in the application is to call put to write data to the container or get the data from the container.
Map.entryset () This method returns a collection of key-value pairs and is the official recommended way to traverse the map.
set<map.entry<string, string>> Allentrys = Maps.entryset (); for (map.entry<string, String> as: Allentrys) { String key = As.getkey (); String value = As.getvalue ();}
But we should not beMap.The return result of EntrySet () is passed to the untrusted code. Why is it? Let's look at the following code:
public static void main (string[] args) throws Exception {hashmap<string, string> Maps = new hashmap<string, string> (); Maps.put ("name", "Xiu"); Maps.put ("Age", "25"); SYSTEM.OUT.PRINTLN (maps);//{age=25, Name=xiu} set<map.entry<string, string>> Allentrys = Maps.entryset () ; map.entry<string, string> nameentry = null; For (map.entry<string, string> As:allentrys) {String key = As.getkey (); if (key.equals ("name")) {nameentry = as; }}//Delete entry allentrys.remove (nameentry); SYSTEM.OUT.PRINTLN (maps);//{age=25}}
very clearly, we
through the return result of Map.entryset (), You can delete the key-value pair stored in the original HashMap. Suppose we pass set<map.entry<string, string>> Allentrys as function parameters to untrusted code. The external malicious code can then delete the data stored in the original HashMap. So we should avoid passing set<map.entry<string, string>> as function parameters. Prevent external code from maliciously or accidentally altering the original data.
This hidden feature is not all Java programs apes know, so you need to be careful to avoid programming errors.
Use hashmap things to be aware of: do not expose map.entry to external non-trusted code Map.entryset ()