[Esapi-user] ESAPI encoding support for other languages

Abhishek Kaul kaul_abhishek at yahoo.com
Sun Aug 22 14:59:40 EDT 2010

Hey thanks for the reply jeff,

I am sorry. It was a problem on my part. Data was coming in ISO-8859-1 encoding instead of UTF-8 encoding. Anyway its resolved now. Everything is working fine.

Thanks again,
-- Abhishek

--- On Fri, 20/8/10, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:

From: Jeff Williams <jeff.williams at aspectsecurity.com>
Subject: RE: [Esapi-user] ESAPI encoding support for other languages
To: "Abhishek Kaul" <kaul_abhishek at yahoo.com>, esapi-user at lists.owasp.org
Date: Friday, 20 August, 2010, 5:24 PM


Hi Abhishek, 


ESAPI is escaping those characters because there’s no way to
know that they are not part of some attack.  I checked and those are the right
HTML encodings for the input string you sent.  So I suspect that your
application or framework is *ALSO* escaping. 


Your code tries to write привет мир  


escapes to &#1087;&#1088;&#1080;&#1074;&#1077;&#1090;


Your framework escapes to &amp;&#35;1087; &amp;&#35;1088;
&amp;&#35;1080; &amp;&#35;1074; &amp;&#35;1077; &amp;&#35;1090;
&amp;&#35;1084; &amp;&#35;1080; &amp;&#35;1088;    


Which would render in your browser as you indicated.  Try doing
a view source on the generated HTML to see if I’m right. 


If I am right, then you have to figure out how to resolve the
double-escaping.  Let us know what you’re using and maybe we can help. 





esapi-user-bounces at lists.owasp.org [mailto:esapi-user-bounces at lists.owasp.org] On
Behalf Of Abhishek Kaul

Sent: Friday, August 20, 2010 5:05 AM

To: esapi-user at lists.owasp.org

Subject: [Esapi-user] ESAPI encoding support for other languages 


    Hi all,


    ESAPI is a great tool. I am very impressed with it. 


    While using it i am facing a problem. Maybe you guys can help me with it. 


    When i am encoding a user input which contains latin characters the
    encoding(tried with HTML encoding) works fine. But when i put in other
    characters such as french. I get junk values for non latin characters.


    For eg. if input string is :  привет мир  (in russian)

             Output looks
    like   : 
    &#1084;&#1080;&#1088;    (it is showing the
    encoded values literally)



     How to fix this problem ? Any ideas ?


    Thanks a lot,




-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100823/21d2cc88/attachment.html 

More information about the Esapi-user mailing list