Java: Treat x.matches(regexp) as a sanitizer for request forgery

Java: Treat x.matches(regexp) as a sanitizer for request forgery #5645