[Esapi-dev] esapi-2.0.1.jar - incorrect treatment of named html entities?

Chris Schmidt chris.schmidt at owasp.org
Wed Jul 25 23:45:52 UTC 2012


I agree with you - sorry I meant it should be enabled by default, but if
people are already expecting that the entities are case-insensitive we
should allow them to continue to use it in that way.

I think your solution is workable, if you want to create an issue in our bug
tracker and submit a patch and a unit-test for your patch that would be
fantastic and one of the devs will take a look at it and get it integrated.

Thanks Gunther!


On 7/25/12 11:25 AM, "Günther Zwetti" <guenther.zwetti at unycom.com> wrote:

> Hi Chris,
>  
> thanks for your answer. What do you mean by "should be an option, not
> default"?
> With the current implementation, characters like Ü,Ä,Ö (which are often used
> in countries like Austria or Germany) can never be displayed correctly but
> only their lower case representations ü,ä,ö.
> And this is definitely wrong and not only a matter of choice, isn't it?
>  
> Could you therefore please make a suggestion what to do? Do you think my bug
> fix to be correct without any negative side effects?
> And what about the hard coded list and their configuration "double"? Are there
> any differences between those two lists and what are they used for?
>  
> Thanks for your answers in advance!
> Kind regards, 
> Günther
> 

Chris Schmidt
ESAPI Project Manager (http://www.esapi.org)
ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
Blog: http://yet-another-dev.blogspot.com
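
The failure described in the quoted message, as an added example (not ESAPI's code and not the patch discussed in this thread): a constructed entity table looked up with a lower-cased key returns ü for `&Uuml;`, while an exact-match lookup with a case-insensitive fallback keeps both behaviours. The class name, method names and the folding mechanism are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class EntityCaseDemo {
    // Constructed subset of the HTML named-entity table; names are case-sensitive.
    static final Map<String, Character> EXACT = new HashMap<>();
    // Fallback keyed by lower-cased name, for callers that send e.g. "&UUML;" or "&LT;".
    static final Map<String, Character> FOLDED = new HashMap<>();

    static {
        String[][] table = {
            {"Uuml", "\u00DC"}, {"uuml", "\u00FC"},
            {"Ouml", "\u00D6"}, {"ouml", "\u00F6"},
            {"lt", "<"}, {"gt", ">"}, {"amp", "&"}
        };
        for (String[] row : table) {
            Character value = row[1].charAt(0);
            EXACT.put(row[0], value);
            String key = row[0].toLowerCase(Locale.ROOT);
            if (row[0].equals(key)) {
                FOLDED.put(key, value);          // the all-lower-case name owns the folded slot
            } else {
                FOLDED.putIfAbsent(key, value);  // mixed-case name only if nothing else claims it
            }
        }
    }

    // Assumed mechanism for the reported behaviour: the name is folded before lookup.
    static Character decodeFoldedOnly(String name) {
        return FOLDED.get(name.toLowerCase(Locale.ROOT));
    }

    // Exact match first; fold only when the exact name is unknown.
    static Character decodeExactFirst(String name) {
        Character c = EXACT.get(name);
        return c != null ? c : FOLDED.get(name.toLowerCase(Locale.ROOT));
    }
    public static void main(String[] args) {
        for (String name : new String[] {"Uuml", "uuml", "UUML", "Ouml", "LT", "bogus"}) {
            Character a = decodeFoldedOnly(name);
            Character b = decodeExactFirst(name);
            System.out.printf("&%s; folded-only=%s exact-first=%s%n", name,
                a == null ? "none" : String.format("U+%04X", (int) a.charValue()),
                b == null ? "none" : String.format("U+%04X", (int) b.charValue()));
        }
    }
}
```

A unit test for such a change would assert that `Uuml` and `uuml` decode to different code points and that all-caps names such as `LT` still resolve.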

