[Esapi-user] How to define "Context" in theESAPI.validator().getValidInput

weiping guo weiping_guo at yahoo.com
Fri May 20 10:37:03 EDT 2011


Hi Jeff,

Thank you very much for your explaination. I will give a shot.

Jim 

--- On Fri, 5/20/11, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:

> From: Jeff Williams <jeff.williams at aspectsecurity.com>
> Subject: RE: [Esapi-user] How to define "Context" in theESAPI.validator().getValidInput
> To: "weiping guo" <weiping_guo at yahoo.com>, esapi-user at lists.owasp.org
> Date: Friday, May 20, 2011, 10:34 AM
> Hi Jim,
> 
> The "context" is used in validation log messages and is
> intended to remind you where the data came from.  One
> common use is to put the name of the HTTP
> parameter/header/cookie that the data came from.  But
> you can create your own system.  Give it a try with
> various values and then check the log to see if the messages
> there will help you figure out exactly where the problem is
> when the application is operational.
> 
> Good luck,
> 
> --Jeff
> 
> 
> -----Original Message-----
> From: esapi-user-bounces at lists.owasp.org
> [mailto:esapi-user-bounces at lists.owasp.org]
> On Behalf Of weiping guo
> Sent: Friday, May 20, 2011 10:30 AM
> To: esapi-user at lists.owasp.org
> Subject: [Esapi-user] How to define "Context" in
> theESAPI.validator().getValidInput
> 
> Hi All,
> 
> I just started learning ESAPI. One puzzle I have is the
> context used in validator. I am not sure how it is defined
> and mapped somehow, or just some identification. 
> 
> The SwingSet example shows the following code:
> 
> ESAPI.validator().getValidInput("Swingset Validation Secure
> Exercise",input,type,200,false);
> 
> It is not clear to me what context "Swingset Validation
> Secure Exercise” means in here? 
> 
> Any suggestions and comments are appreciated!
> 
> Jim 
> 
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user

> 


More information about the Esapi-user mailing list