[Esapi-user] RegExp for URL

Mungo Carstairs mungo_carstairs at standardlife.com
Wed Feb 3 05:25:16 EST 2010


It looks like the modified RegExp below is not in ESAPI 2.0 or 1.4.4 - 
should it be?
Could I plead for unit tests for these fancy expressions?
Specifically, add a failing test before any new or modified RegExp.
I get in a cold sweat thinking that ESAPI validation might block 
legitimate URL references - this would not make me popular.

Also, as I'm using ESAPI 1.4.x, I missed the split off of 
validation.properties from ESAPI.properties. What's the reason for that?


Mungo Carstairs
Senior Systems Developer
Business Solutions
Standard Life Employee Services Limited

Tel:    +44 (0)131 246 2785

Message: 1
Date: Wed, 5 Aug 2009 12:40:04 -1000
From: "Jim Manico" <jim.manico at owasp.org>
Subject: Re: [OWASP-ESAPI] Two questionable Regex in default
To: "Neil Matatall" <nmatatal at uci.edu>, "Chris Schmidt"
                 <chrisisbeef at gmail.com>
Cc: owasp-esapi at lists.owasp.org
Message-ID: <D730AA21B22842E5943087A8A5D50ABC at workhorse>
Content-Type: text/plain; charset="iso-8859-1"

I've also had to modify the URL regEx to include "(" and ")" - I imagine 
it could use more changes.

I have not added this to trunk yet, but I will... You might want to 
include it in the quality branch...

End of OWASP-ESAPI Digest, Vol 23, Issue 7

