[OWASP-ESAPI] User Messages and ValidationException
Rogan Dawes
lists at dawes.za.net
Wed Apr 16 03:58:13 EDT 2008
Jim Manico wrote:
> Jeff,
>
> For my project, I need verbose user-facing messages when a form
> submission goes bad. I do not want to divulge security-critical
> information, just messages like:
>
> Last Name is required (context + "is required")
> Age must be between 1 and 120 (context + " must be between " + min + "
> and " + " max")
>
> Do you back this?
>
I think it is a good idea. Take a look at how projects like the Spring
Rich Client do internationalized error message reporting, with
placeholders. That might be a good approach for ESAPI as well.
Rogan
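
The placeholder approach suggested above, sketched as an added example (not code from this thread, ESAPI, or Spring Rich Client): message templates live in a locale-aware catalog and are filled with `java.text.MessageFormat`, while the exception keeps a separate log message. The class names `UserMessageDemo`, `Messages`, `FieldValidationException` and the message keys are hypothetical.

```java
import java.text.MessageFormat;
import java.util.ListResourceBundle;
import java.util.Locale;
import java.util.ResourceBundle;

public class UserMessageDemo {
    // Constructed catalog; a real project would ship one .properties file per locale.
    public static class Messages extends ListResourceBundle {
        @Override
        protected Object[][] getContents() {
            return new Object[][] {
                {"validation.required", "{0} is required"},
                {"validation.range", "{0} must be between {1} and {2}"},
            };
        }
    }

    // Hypothetical exception type: one message for the user, one for the security log.
    public static class FieldValidationException extends Exception {
        private final String logMessage;
        public FieldValidationException(String userMessage, String logMessage) {
            super(userMessage);
            this.logMessage = logMessage;
        }
        public String getUserMessage() { return getMessage(); }
        public String getLogMessage() { return logMessage; }
    }

    // Looks up the template for the locale and fills its placeholders.
    static String userMessage(Locale locale, String key, Object... args) {
        ResourceBundle bundle = ResourceBundle.getBundle(Messages.class.getName(), locale);
        return new MessageFormat(bundle.getString(key), locale).format(args);
    }

    static int checkAge(String input, Locale locale) throws FieldValidationException {
        try {
            int age = Integer.parseInt(input.trim());
            if (age >= 1 && age <= 120) return age;
        } catch (NumberFormatException e) { /* reported as a range error below */ }
        // User message: field name and bounds only. Detail about the input stays in the log message.
        throw new FieldValidationException(
            userMessage(locale, "validation.range", "Age", 1, 120),
            "Age out of range or non-numeric, input length=" + input.length());
    }

    public static void main(String[] args) {
        try {
            checkAge("999", Locale.ENGLISH);
        } catch (FieldValidationException e) {
            System.out.println("user: " + e.getUserMessage());
            System.out.println("log:  " + e.getLogMessage());
        }
    }
}
```

`MessageFormat` treats a single quote in a template as an escape character, so translated templates containing apostrophes must double them.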