[Esapi-user] How to define "Context" in theESAPI.validator().getValidInput

Jeff Williams jeff.williams at aspectsecurity.com
Fri May 20 10:34:43 EDT 2011

Hi Jim,

The "context" is used in validation log messages and is intended to remind you where the data came from.  One common use is to put the name of the HTTP parameter/header/cookie that the data came from.  But you can create your own system.  Give it a try with various values and then check the log to see if the messages there will help you figure out exactly where the problem is when the application is operational.

Good luck,


-----Original Message-----
From: esapi-user-bounces at lists.owasp.org [mailto:esapi-user-bounces at lists.owasp.org] On Behalf Of weiping guo
Sent: Friday, May 20, 2011 10:30 AM
To: esapi-user at lists.owasp.org
Subject: [Esapi-user] How to define "Context" in theESAPI.validator().getValidInput

Hi All,

I just started learning ESAPI. One puzzle I have is the context used in validator. I am not sure how it is defined and mapped somehow, or just some identification. 

The SwingSet example shows the following code:

ESAPI.validator().getValidInput("Swingset Validation Secure Exercise",input,type,200,false);

It is not clear to me what context "Swingset Validation Secure Exercise” means in here? 

Any suggestions and comments are appreciated!


Esapi-user mailing list
Esapi-user at lists.owasp.org

More information about the Esapi-user mailing list