[Esapi-user] Encoder Character

Jeff Williams jeff.williams at aspectsecurity.com
Tue Jun 21 23:00:22 EDT 2011

> my name is ashish gautam and work for NIC India
> I have got two problems
> 1- Why do you remove code points 127 --> 159 to encode HTML

This is explained in the javadoc (http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/Encoder.java) with a pointer to several articles and standards explaining that these characters are not allowed in HTML. http://en.wikipedia.org/wiki/Character_encodings_in_HTML#HTML_character_references 

> 2- I could not find the actual code for the method encodeCharacter( new Character( c ))

Are you referring to the encodeCharacter( char[] immune, Character c )  method in HTMLEntityCodec?



Jeff Williams | Aspect Security | 410-707-1487 | @planetlevel

Best regards,
Ashish K. Gautam 

More information about the Esapi-user mailing list