[Esapi-user] ESAPI development process

Ed Schaller schallee at darkmist.net
Wed Sep 8 17:51:48 EDT 2010

> I agree with Jeff. Encoders should never throw exceptions; they are so UI heavy 
> and we don't want JSPs and the like to throw exceptions (nor do we want 
> extensive exception handling requirements in UI code).
> +1 for making this a config issue.

Sounds good to me as well. Having the choice is best and I'm ok with a
good default.

One thought before implementation, is it worth adding a encoder
attribute/feature/property/config level setting for this so it can be
chosen at runtime as well? Let me clarify a bit. Perhaps something like:

Codec#setConfig(String name, Object value)

could be added. If a dev wanted the specific instance to throw an
exception they could do something like:


or a different replacement:


with constants for know names. The default would come from the config.

This would allow future or codec specific settings without API changes.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
Url : https://lists.owasp.org/pipermail/esapi-user/attachments/20100908/9b3b5dea/attachment.bin 

More information about the Esapi-user mailing list