[Esapi-user] Issues with Input validation using ESAPI

Kesavanarayanan, Ramesh Ramesh.Kesavanarayanan at Pearson.com
Wed Jul 28 11:23:33 EDT 2010


I have a text field in which I allow all characters on the keyboard
except the "double quotes".
1.	Characters (a-z,A-Z)
2.	Special characters ({[email protected]$#%^&*_+-=[]\|/?>.<,;:'`~})
3.	Numbers from 0-9

I have defined the regular expression in my esapi.properties file for
this field as follows


The user for example is typing the following character sequence in this
text box and when I validate this using the ESAPI it throws me an
exception even though I have allowed "backslash" in the sequence.

This scenario happens only when the user types a larger number of
backslashes in the text field.
The regular expression I have configured is as follows

pwdRegEx = "^[ [email protected]\\$#%^&*_+-=\\[\\]\\\\/?\\|><,;:'`~{}()]+$";

User Input 
[email protected]#$%#@$%#$%^&**^&*('$%^&(%^@asdfasdfoasdjfals54675621631631
5ASDFSDFSDFIASJDFasd{}{}{}{}';::::fasldkf=====---___=+++++++++#@#[email protected]#[email protected]!
#[email protected]#$////\\/\/\/\/\/\/[][][][][][}}}}}}}}{}{}{}{\||||||

Is there anything I need to do with double encoding or so?


Regards |  Ramesh Kesavanarayanan  |    319-354-9200 ext 215785 / 215972
(O) |  /  319-621-7641 (M)   | ramesh.kesavanarayanan at pearson.com
