[Esapi-user] what is the decoder corresponding to encodeForHTML

Jeff Williams jeff.williams at owasp.org
Mon Sep 6 15:10:43 EDT 2010

The Encoder.canonicalize() method is a generalized decoding routine for all
of the encoding formats.  You can create an Encoder with whatever set of
Codec's that you want to handle multiple (and nested) encoding schemes. If
all you want to do is decode HTML, then just use the HTMLEntityCodec.

Wait.... before you do all that, *why* are you decoding HTML entities?
Generally that's a bad idea (outside the standard canonicalization context).



-----Original Message-----
From: mailman-bounces at lists.owasp.org
[mailto:mailman-bounces at lists.owasp.org] On Behalf Of
nithya.srinivasan at sun.com
Sent: Friday, August 07, 2009 4:29 PM
To: owasp-esapi-owner at lists.owasp.org
Subject: what is the decoder corresponding to encodeForHTML


I am in need to decode the encoded data.
Data has been encoded using encodeForHTML
But I cant find its counterpart for decoding.
decodeFromURL doesnt work for use since we need to retain +

Will appreciate inputs.


More information about the Esapi-user mailing list