[Esapi-user] Fwd: ESAPI development process

Patrick Higgins patrick.allen.higgins at gmail.com
Fri Sep 10 13:54:40 EDT 2010

Forwarding to list because I accidentally left it off.

---------- Forwarded message ----------
On Fri, Sep 10, 2010 at 8:33 AM, Ed Schaller <schallee at darkmist.net> wrote:
> I'm not sure I'd like the codec configurations being unchangeable for
> all code in a container though.  I may want exceptions to be thrown
> for invalid characters in some of my code but not in my JSPs. As such I
> lean toward the factory route or something else where code that wants a
> codec with certain options can get one without affecting thread safety
> or codec options for other code.

My thought on this would be to just create two configurations. I think
having a single global ESAPI locator is a mistake. It's so easy to
just declare your own class with static volatile variables to locate
the configurations you need. For example,

If you need more configurations, just create more instances.


More information about the Esapi-user mailing list