[Esapi-user] HTMLEntityCodec and optional semicolon for named entities
Jim Manico
jim.manico at owasp.org
Wed Oct 19 14:49:25 EDT 2011
To be more specific:
This is the version of getValidInput that you want. It disables
canonicalization:
http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Validator.html#getValidInput%28java.lang.String,%20java.lang.String,%20java.lang.String,%20int,%20boolean,%20boolean%29
So instead of:
org.owasp.esapi.ESAPI.validator().getValidInput("userURL",
request.getParameter("userURL"), "HTTPURL", 2000, true);
Do this:
org.owasp.esapi.ESAPI.validator().getValidInput("userURL",
request.getParameter("userURL"), "HTTPURL", 2000, true, false); // last argument: canonicalize = false
- Jim