[Esapi-user] ESAPI 1.4.4 -> XMLEntityCodec -> encodeCharacter

Chris Schmidt chris.schmidt at owasp.org
Tue Mar 20 18:12:54 UTC 2012


In order to change the characters that get encoded you would have to use
a custom codec - you should be able to extends the XMLEntityCodec and
override the encodeCharacter method to perform as you expect it to, then
you need to use your codec to perform encoding. The easiest way to do
this is to extends the DefaultEncoder and override the encodeForXML
method to use your codec to perform encoding then configure the Encoder
in your ESAPI.properties.

Hopefully this addresses your question, if not feel free to let us know!

On 3/20/2012 10:43 AM, Rama Krishna Pathangi wrote:
> Hi,
>
> We have been using ESAPI 1.4.4 for some time now. Currently we
> are running into an issue when feeding* **random text (some more
> text)* to XMLEncodeCodec -> encodeCharacter.
>
> The method encodeCharacter is spitting */random text &#x28some more
> text&#x29/* as opposed to */random text (some more text)./*
>
> What can we do to fix this problem with minimal impact to the project?
>
> *org.owasp.esapi.codecs.XMLEntityCodec*
> *Method* :
> public String encodeCharacter(char[] immune, Character c)
>     {
>         // check for immune characters
>         if(containsCharacter(c, immune))
>             return c.toString();
>         // check for unencoded characters
>         if(UNENCODED_SET.contains(c))
>             return c.toString();
>         return "&#x" + Integer.toHexString(c.charValue()) + ";";
>     }
>
> Thank You in advance.
> --
> RamaKrishna Pathangi
> [p] 503.941.0202
>
>
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20120320/1c55652a/attachment.html>


More information about the Esapi-user mailing list