[Esapi-user] Tricky encoding question

• Previous message: [Esapi-user] Tricky encoding question
• Next message: [Esapi-user] Tricky encoding question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thank you all for your responses.

As an aside, I was able to recommend a "better way" to write the above code
so as not to require the double encoding.

Original:

> <a HREF=""
> onClick="window.open('
> http://www.example.com/app/page.jsp?param1=a&param2=b&param3=<%=request.getParameter("test")%>',
> 'windowRef', '
> resizable=yes,scrollbars=yes,status=no,location=no,toolbars=yes,height=500,width=800');
> return false;">link text</a>


"Better" version:

> <a href="http://www.example.com/app/page.jsp?param1=a&param2=b&param3=<%=
> outputEncoder.encodeForURL(request.getParameter("test")) %>"
> target="_blank" onclick="window.open(this.href, this.target,'
> resizable=yes,scrollbars=yes,status=no,location=no,toolbars=yes,height=500,width=800');
> return false">


Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110620/fbf97eca/attachment.html 

• Previous message: [Esapi-user] Tricky encoding question
• Next message: [Esapi-user] Tricky encoding question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]