[Esapi-user] Note on possible Validator API change

Jim Manico jim.manico at owasp.org
Mon Dec 28 13:04:00 EST 2009

Several members of the ESAPI development team feel that the isValidX validation functions all need to go.

These functions do NOT return canonizalized data and can lead to bad practice.

So I'd like to:
1) Drop all the "isX" from the Validator interface (deprecate for ESAPI 2.0, remove for ESAPI 3.0)
2) Leave those functions in the reference impl (DefaultValidator) as "protected"
Does this harm anyone?  Please speak up if so...


- Jim Manico
OWASP ESAPI Project Manager

OWASP Podcast Host/Producer

More information about the Esapi-user mailing list