[Esapi-user] The AJAX issue

Normando Macaraeg nmacaraeg at jaspersoft.com
Tue Jun 28 08:30:13 EDT 2011


I don't understand how AJAX complicates input validation/output encoding.

In the ESAPI book, it says "Ajax and other “rich” applications are complicating this situation."

The way I see it, even though it's AJAX, it still hits the server as a request, and all requests can be validated.  So where's the complication?


More information about the Esapi-user mailing list