[Esapi-dev] esapi-2.0.1.jar - incorrect treatement of named html entities?
chris.schmidt at owasp.org
Wed Jul 25 23:45:52 UTC 2012
I agree with you sorry I meant it should be enabled by default, but if
people are already expecting that the entities are case-insensitive we
should allow them to continue to use it in that way.
I think your solution is workable, if you want to create an issue in our bug
tracker and submit a patch and a unit-test for your patch that would be
fantastic and one of the devs will take a look at it and get it integrated.
On 7/25/12 11:25 AM, "Günther Zwetti" <guenther.zwetti at unycom.com> wrote:
> Hi Chris,
> thanks for your answer. What do you mean by ³should be an option, not
> With the current implementation, characters like Ü,Ä,Ö (which are often used
> in countries like Austria or Germany) can never be displayed correctly but
> only their lower case representations ü,ä,ö.
> And this is definitely wrong and not only a matter of choice, isn¹t it?
> Could you therefore please make a suggestion what to do? Do you think my bug
> fix to be correct without any negative side effects?
> And what about the hard coded list and their configuration ³double²? Are there
> any differences between those two lists and what are they used for?
> Thanks for your answers in advance!
> Kind regards,
ESAPI Project Manager (http://www.esapi.org)
ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-dev