[Esapi-user] Validate cannonicalization options

Jim Manico jim.manico at owasp.org
Fri Sep 3 19:30:16 EDT 2010


Hello Folks,

 

I added 3 new functions to the ESAPI 2.0 Validator interface adding the
ability to disable canonicalization - these are implemented in the reference
implementation as well. (svn checkin 1512 and 1513)

 

boolean isValidInput(String context, String input, String type, int
maxLength, boolean allowNull, boolean canonicalize) throws
IntrusionException;

 

String getValidInput(String context, String input, String type, int
maxLength, boolean allowNull, boolean canonicalize) throws
ValidationException, IntrusionException;

 

String getValidInput(String context, String input, String type, int
maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList
errorList) throws IntrusionException;

 

I also *disabled* canonicalization for getSafeHTML by default, since it
breaks HTML. (svn checkin 1514)

 

Acceptable? I'd like to push this for 2.0 rc8

 

- Jim

 

 

       

       

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100903/ae9a342e/attachment.html 


More information about the Esapi-user mailing list