[Esapi-user] [Esapi-dev] Validate cannonicalization options

Chris Schmidt chrisisbeef at gmail.com
Fri Sep 3 21:19:30 EDT 2010


Awesome work - sounds good to me :)

On Fri, Sep 3, 2010 at 5:30 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  Hello Folks,
>
>
>
> I added 3 new functions to the ESAPI 2.0 Validator interface adding the
> ability to disable canonicalization – these are implemented in the reference
> implementation as well. (svn checkin 1512 and 1513)
>
>
>
> *boolean* isValidInput(String context, String input, String type, *int*maxLength,
> *boolean* allowNull, *boolean* canonicalize) *throws* IntrusionException;
>
>
>
> String getValidInput(String context, String input, String type, *int*maxLength,
> *boolean* allowNull, *boolean* canonicalize) *throws* ValidationException,
> IntrusionException;
>
>
>
> String getValidInput(String context, String input, String type, *int*maxLength,
> *boolean* allowNull, *boolean* canonicalize, ValidationErrorList
> errorList) *throws* IntrusionException;
>
>
>
> I also **disabled** canonicalization for getSafeHTML by default, since it
> breaks HTML. (svn checkin 1514)
>
>
>
> Acceptable? I’d like to push this for 2.0 rc8
>
>
>
> - Jim
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-dev
>
>


-- 
Chris Schmidt

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/

Yet Another Developers Blog
http://yet-another-dev.blogspot.com

Bio and Resume
http://www.digital-ritual.net/resume.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100903/38d36484/attachment.html 


More information about the Esapi-user mailing list