[Esapi-php] CSSCodec added as at r297
Linden.Darling at jds.net.au
Mon Nov 30 00:28:09 EST 2009
Been off the radar a bit, finally committed CSSCodec though.
Mike, I now see the problem in making parseHex generic...each specific
Codec implementation has its own parseHex requirements...am thinking
maybe we make a generic parseHex utility method in Codec and allow the
specific Codec implementations to override if/as they need.
I noticed with the CSSCodec that the JAVA implementation seemingly
considers '\\\n' (i.e. escaped new line) as a malformed entity and thus
if/when malformed entity exceptions are thrown, it would yeild one -
where it isn't, it should just be ignored. So I've added separate logic
to deal with this, and unfortunately in that process noticed a
limitiation of Codec::decode() whereby passing an empty string as the
decodedCharacter breaks the stripping of encodedString :/ Will need to
look at that more closely to resolve without causing problems for other
specific Codec implementations.
Oh, and big welcome to newcomers! Great to have more minds on board, if
you see I've made any mistakes don't hesitate to let me know!
From: esapi-php-bounces at lists.owasp.org
[mailto:esapi-php-bounces at lists.owasp.org] On Behalf Of Boberski,
Sent: Saturday, 28 November 2009 4:33 AM
To: ESAPI for PHP development list
Subject: [Esapi-php] ESAPI for PHP weekly status
Here's what we did this past week:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-php