[Esapi-dev] Input Validation Ideas

Jim Manico jim.manico at owasp.org
Tue Dec 15 20:58:58 EST 2009


One of my old tech bosses just released his input validation library.
Pretty interesting, do any of these look useful to us?

https://www.openeco.org/XSS

    * AntiSamyValidator -- parses HTML input and validates it against a
      policy of valid elements
    * AntiSamySilentValidator -- parses HTML input and validates it
      against a policy of valid elements. This validator will silently
      filter invalid elements.
    * BooleanValidator -- returns a Boolean with the value of 'true' if
      the input parameter is "true". Otherwise returns a Boolean with
      the value 'false'.
    * BooleanOrNullValidator -- returns a 'true' or 'false' Boolean, or
      null if the input is null
    * DateValidatorUS -- returns a Date if the input could be parsed in
      US-standard format (MM/DD/YYYY)
    * DateVaidatorISO8601 -- returns a Date if the input could be parsed
      in ISO8601 format (YYYY-MM-DD)
    * DateFutureValidator -- validates that a Date is in the future (use
      in conjunction with DateValidatorUS)
    * DatePastValidator -- validates that a Date is in the past (use in
      conjunction with DateValidatorUS)
    * DateTodayOrFutureValidator -- validates that a Date is either
      today or in the future (use in conjunction with DateValidatorUS)
    * DateTodayOrPastValidator -- validates that a Date is either today
      or in the past (use in conjunction with DateValidatorUS)
    * EmailAddressValidator -- returns a String with an email address if
      it is valid
    * EmailAddressDomainValidator -- validates that an email address is
      in a valid domain
    * FloatValidator -- returns a Float if it exists
    * FloatNullZeroValidator -- returns a Float with value '0' if the
      input is null
    * IntegerValidator -- returns an Integer if it exists
    * IntegerMaximumValidator -- validates that an input Integer is less
      than a specified maximum (use in conjunction with IntegerValidator)
    * IntegerMinimumValidator -- validates that an input Integer is
      greater than a specified minimum (use in conjunction with
      IntegerValidator)
    * IntegerNullZeroValidator -- returns an Integer with value '0' if
      the input is null
    * ListOfIntegersValidator -- converts a delimited input String into
      a List of Integers
    * LongValidator -- returns a Long if the input could be parsed as a Long
    * NotNullValidator -- returns a non-empty String if it exists
    * SetOfEmailAddressesValidator -- converts a delimited input String
      into a Set of valid email addresses
    * SetOfIntegersValidator -- converts a delimited input String into a
      Set of Integers
    * StringLengthValidator -- returns a String if it is within the
      length limit
    * StripHtmlValidator -- returns a String with all HTML stripped out
    * XSSEntityValidator -- returns a String with HTML characters
      converted (escaped)
    * SpamWordValidator -- scans inputs for banned spam words


-- 

- Jim Manico
OWASP ESAPI Project Manager
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

OWASP Podcast Host/Producer
http://www.owasp.org/index.php/OWASP_Podcast
