[Esapi-user] ESAPI encoding support for other languages
kaul_abhishek at yahoo.com
Sun Aug 22 14:59:40 EDT 2010
Hey thanks for the reply jeff,
I am sorry. It was a problem on my part. Data was coming in ISO-8859-1 encoding instead of UTF-8 encoding. Anyway its resolved now. Everything is working fine.
--- On Fri, 20/8/10, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
From: Jeff Williams <jeff.williams at aspectsecurity.com>
Subject: RE: [Esapi-user] ESAPI encoding support for other languages
To: "Abhishek Kaul" <kaul_abhishek at yahoo.com>, esapi-user at lists.owasp.org
Date: Friday, 20 August, 2010, 5:24 PM
ESAPI is escaping those characters because there’s no way to
know that they are not part of some attack. I checked and those are the right
HTML encodings for the input string you sent. So I suspect that your
application or framework is *ALSO* escaping.
Your code tries to write привет мир
escapes to привет
Your framework escapes to &#1087; &#1088;
&#1080; &#1074; &#1077; &#1090;
&#1084; &#1080; &#1088;
Which would render in your browser as you indicated. Try doing
a view source on the generated HTML to see if I’m right.
If I am right, then you have to figure out how to resolve the
double-escaping. Let us know what you’re using and maybe we can help.
esapi-user-bounces at lists.owasp.org [mailto:esapi-user-bounces at lists.owasp.org] On
Behalf Of Abhishek Kaul
Sent: Friday, August 20, 2010 5:05 AM
To: esapi-user at lists.owasp.org
Subject: [Esapi-user] ESAPI encoding support for other languages
ESAPI is a great tool. I am very impressed with it.
While using it i am facing a problem. Maybe you guys can help me with it.
When i am encoding a user input which contains latin characters the
encoding(tried with HTML encoding) works fine. But when i put in other
characters such as french. I get junk values for non latin characters.
For eg. if input string is : привет мир (in russian)
мир (it is showing the
encoded values literally)
How to fix this problem ? Any ideas ?
Thanks a lot,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user