[OWASP-ESAPI] User Messages and ValidationException
eric.bing at oracle.com
Wed Apr 16 15:56:32 EDT 2008
I had a similar conversation with Arshan on the messages used in
AntiSamy. I think this would be a good thing for the ESAPI. I've
helped develop internationalized message APIs before, and would be happy
to help write or review this.
owasp-esapi-request at lists.owasp.org wrote:
> Message: 1
> Date: Tue, 15 Apr 2008 10:15:12 -1000
> From: Jim Manico <jim at manico.net>
> Subject: [OWASP-ESAPI] User Messages and ValidationException
> To: 'owasp-esapi' <owasp-esapi at lists.owasp.org>
> Message-ID: <48050CD0.4070108 at manico.net>
> Content-Type: text/plain; charset=UTF-8; format=flowed
> For my project, I need verbose user-facing messages when a form
> submission goes bad. I do not want to divulge security-critical
> information, just messages like:
> Last Name is required (context + "is required")
> Age must be between 1 and 120 (context + " must be between " + min + "
> and " + " max")
> Do you back this?
I think it is a good idea. Take a look at how projects like the Spring
Rich Client do internationalized error message reporting, with
placeholders. That might be a good approach for ESAPI as well.
More information about the OWASP-ESAPI