[Esapi-user] Encoder Character

Kevin W. Wall kevin.w.wall at gmail.com
Tue Jun 21 23:32:11 EDT 2011

On Tue, Jun 21, 2011 at 11:00 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:
>> My name is Ashish Gautam and I work for NIC India.
>> I have got two problems:
>> 1- Why do you remove code points 127 --> 159 to encode HTML?
> This is explained in the javadoc (http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/Encoder.java) with a pointer to several articles and standards explaining that these characters are not allowed in HTML. http://en.wikipedia.org/wiki/Character_encodings_in_HTML#HTML_character_references

A more user-friendly link to read the javadoc for Encoder.encodeForHTML():

Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
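
The following is an added example, not part of the original message and not ESAPI's own code. It sketches how an HTML encoder can treat code points 127 through 159, which the thread says are not allowed in HTML. It goes slightly beyond the thread by also dropping the C0 control characters other than tab, LF and CR. The class name, method names, the choice to drop disallowed code points rather than substitute them, and the sample string are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class HtmlDisallowedRangeDemo {

    // Code points 127..159 (DEL plus the C1 controls) are the range asked
    // about in the thread. C0 controls other than \t, \n, \r are added here
    // as a generalization; they are likewise not valid HTML characters.
    static boolean isDisallowedInHtml(int cp) {
        boolean c0 = cp < 0x20 && cp != '\t' && cp != '\n' && cp != '\r';
        boolean delAndC1 = cp >= 127 && cp <= 159;
        return c0 || delAndC1;
    }

    static boolean isAsciiAlphanumeric(int cp) {
        return (cp >= '0' && cp <= '9') || (cp >= 'A' && cp <= 'Z')
                || (cp >= 'a' && cp <= 'z');
    }

    // Illustrative encoder (hypothetical, not Encoder.encodeForHTML itself):
    // ASCII letters and digits pass through, disallowed code points are
    // dropped and recorded, everything else becomes a hex character reference.
    static String encodeForHtmlSketch(String input, List<Integer> dropped) {
        StringBuilder out = new StringBuilder();
        input.codePoints().forEach(cp -> {
            if (isDisallowedInHtml(cp)) {
                dropped.add(cp);            // never emitted, not even as &#x..;
            } else if (isAsciiAlphanumeric(cp)) {
                out.appendCodePoint(cp);
            } else {
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        });
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: Windows-1252 "smart quote" bytes 0x93/0x94 that
        // were decoded as ISO-8859-1 land in the 127..159 range.
        String sample = "He said \u0093hi\u0094 <b>";
        List<Integer> dropped = new ArrayList<>();
        String encoded = encodeForHtmlSketch(sample, dropped);
        System.out.println("encoded: " + encoded);
        for (int cp : dropped) {
            System.out.println("dropped: U+" + String.format("%04X", cp));
        }
    }
}
```

Recording the dropped code points, rather than discarding them silently, makes it easy to log input that was probably decoded with the wrong character set.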
