[Esapi-user] [OWASP-ESAPI] How do we customize the error messages with OWASP

Jim Manico jim.manico at owasp.org
Mon Jul 26 12:21:02 EDT 2010


There is no way to customize these validation error messages yet; it's planned for ESAPI 4.0.

In the meantime you can take our validator reference implementation and branch it for your project. This is non-trivial, but will give you the ability to change any of the error messages.

Let me know if this interests you.

- Jim

On Jul 26, 2010, at 11:18 AM, "Kesavanarayanan, Ramesh" <Ramesh.Kesavanarayanan at Pearson.com> wrote:

> We have implemented the ESAPI input validation in our Struts action classes as follows as an example
> 
> Errors are the Struts Action Errors.
> 
>     try {
>         ESAPI.validator().getValidInput(paramArray[arTemp][0],
>                 paramArray[arTemp][1], paramArray[arTemp][2],
>                 Integer.parseInt(paramArray[arTemp][3]),
>                 Boolean.parseBoolean(paramArray[arTemp][4]));
>     } catch (Exception e) {
>         if (e instanceof ValidationException) {
>             errors.add(ApplicationConstants.FAIL, ActionUtil
>                     .getActionMessage(ErrorCode.OWASP_DATA_ERROR,
>                             ((ValidationException) e).getContext()
>                                     + " "
>                                     + ((ValidationException) e)
>                                             .getLogMessage()));
>         } else if (e instanceof IntrusionException) {
>             errors.add(ApplicationConstants.FAIL, ActionUtil
>                     .getActionMessage(ErrorCode.OWASP_DATA_ERROR,
>                             ((IntrusionException) e).getUserMessage()));
>         }
>     }
> 
> For example, if I were to validate the email address from a user,
> 
> I use the property in the ESAPI.properties
> 
> And this is what I see from the screen.
> 
> 
> Is there a way to customize these messages and present meaningful information to the end users?
> 
> 
> Regards |  Ramesh Kesavanarayanan  |    319-354-9200 ext 215785 / 215972 (O) |  /  319-621-7641 (M)   | ramesh.kesavanarayanan at pearson.com
> 
> 
> _______________________________________________
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi
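
Added example (not part of the original thread and not ESAPI project code): one way to show end users application-owned text without branching the validator is to key the message on the context passed to getValidInput and send getLogMessage() to the log instead of the screen. The class name, the Result holder and the message texts are hypothetical; it assumes ESAPI 2.x on the classpath with its usual configuration files.

```java
import java.util.Map;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

public class FriendlyValidation {
    private static final Logger LOG = ESAPI.getLogger(FriendlyValidation.class);

    // Hypothetical application-owned texts, keyed by the ESAPI "context" argument.
    private static final Map<String, String> MESSAGES = Map.of(
            "email", "Please enter a valid e-mail address.",
            "phone", "Please enter a valid phone number.");
    private static final String FALLBACK = "One of the values you entered is not valid.";

    /** Either the validated value or the text to show the user, never both. */
    public static final class Result {
        public final String value;
        public final String userMessage;
        private Result(String value, String userMessage) {
            this.value = value;
            this.userMessage = userMessage;
        }
        public boolean isValid() { return userMessage == null; }
    }

    public static Result check(String context, String input, String type,
                               int maxLength, boolean allowNull) {
        try {
            String clean = ESAPI.validator().getValidInput(context, input, type, maxLength, allowNull);
            return new Result(clean, null);
        } catch (ValidationException e) {
            // Detail goes to the log only; the user sees the application's own text.
            LOG.warning(Logger.SECURITY_FAILURE, e.getLogMessage());
            return new Result(null, MESSAGES.getOrDefault(e.getContext(), FALLBACK));
        } catch (IntrusionException e) {
            // Do not describe to the user what was detected.
            LOG.error(Logger.SECURITY_FAILURE, e.getLogMessage());
            return new Result(null, FALLBACK);
        }
    }
}
```

In a Struts action like the one quoted above, the userMessage of a failed Result is what would be passed to errors.add(...), so the log message never reaches the rendered page.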