[Esapi-user] Encoder Character

Kevin W. Wall kevin.w.wall at gmail.com
Tue Jun 21 23:32:11 EDT 2011


On Tue, Jun 21, 2011 at 11:00 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:
>> My name is Ashish Gautam and I work for NIC India
>>
>> I have got two problems
>>
>>
>> 1- Why do you remove code points 127 --> 159 to encode HTML?
>
> This is explained in the javadoc (http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/Encoder.java) with a pointer to several articles and standards explaining that these characters are not allowed in HTML. http://en.wikipedia.org/wiki/Character_encodings_in_HTML#HTML_character_references
>

A more user-friendly link to read the javadoc for Encoder.encodeForHTML():
<http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Encoder.html#encodeForHTML%28java.lang.String%29>

-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
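
The handling asked about in this thread, as an added example that is not part of the original messages and is not ESAPI's own code: an HTML encoder that treats code points 127 through 159 (DEL and the C1 controls) as not allowed in HTML. The class and method names are hypothetical, and substituting U+FFFD for a disallowed code point is a policy assumed for this sketch.

```java
import java.util.Map;

public class HtmlEncodeSketch {
    // Assumed policy for this sketch: emit U+FFFD in place of a disallowed code point.
    static final String REPLACEMENT = "&#xfffd;";
    static final Map<Integer, String> NAMED = Map.of(
        (int) '<', "&lt;", (int) '>', "&gt;", (int) '&', "&amp;", (int) '"', "&quot;");

    // C0 controls other than tab, LF and CR, plus DEL (127) and C1 controls (128-159).
    static boolean disallowedInHtml(int cp) {
        boolean c0 = cp <= 0x1F && cp != '\t' && cp != '\n' && cp != '\r';
        return c0 || (cp >= 0x7F && cp <= 0x9F);
    }

    static String encodeForHtml(String input) {
        StringBuilder out = new StringBuilder(input.length() * 2);
        // Walk by code point so supplementary characters are encoded as one reference.
        for (int i = 0; i < input.length(); ) {
            int cp = input.codePointAt(i);
            i += Character.charCount(cp);
            if (disallowedInHtml(cp)) {
                out.append(REPLACEMENT);
            } else if (NAMED.containsKey(cp)) {
                out.append(NAMED.get(cp));
            } else if (cp < 0x80 && (Character.isLetterOrDigit(cp) || cp == ' ')) {
                out.appendCodePoint(cp);
            } else {
                // Everything else becomes a hexadecimal character reference.
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: 0x93 and 0x94 are Windows-1252 quote bytes that were
        // decoded as ISO-8859-1, which places them in the 128-159 range; 0x7F is DEL.
        String sample = "caf\u00e9 \u0093hi\u0094 <b>\u007f";
        System.out.println(encodeForHtml(sample));
    }
}
```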

