[Esapi-user] using SafeRequest

Normando Macaraeg nmacaraeg at jaspersoft.com
Tue Jul 26 22:48:57 EDT 2011


Using the ESAPI Book as my guide, it looks like when I find code that
looks like: 

HttpSession session = request.getSession(); // unsafe session

I should change the code to this:

HttpSession session = new SafeRequest( request ).getSession(); // safe

But the book says this works only if I enable the ESAPIFilter.  How do I
enable the ESAPIFilter?


More information about the Esapi-user mailing list