[Esapi-user] Encoding JsonP callback parameter

Kevin W. Wall kevin.w.wall at gmail.com
Mon Sep 15 20:41:47 UTC 2014


ESAPI does not support JSON encoding. I would suggest the OWASP JSON
Sanitizer project,
https://www.owasp.org/index.php/OWASP_JSON_Sanitizer.

-kevin
Sent from my Droid; please excuse typos.
On Sep 15, 2014 4:37 PM, "Ittai Zeidman" <ittaiz at wix.com> wrote:

> Hi,
> I have an API which I need to develop which will use JsonP and the client
> will be sending me a “callback” parameter for the js function I’m
> outputting to.
> I’m trying to evaluate how to sanitize the input since I’ll be using it
> directly in the output but I can’t find anything in the library.
> I found all kinds of regex patterns to use but I’m looking for a more
> robust approach.
> Does the Esapi Encoder handle this?
> Ittai Zeidman
>
> Cell: 054-6735021
> 40 Hanamal street, Tel Aviv, Israel
>
>
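An added example, not part of the original thread and not code from ESAPI or the OWASP JSON Sanitizer: the callback name asked about above is checked against a strict allowlist (dotted ASCII identifiers) and rejected rather than encoded, before it is written in front of the JSON body. The class and method names and the 64-character cap are assumptions, and the JSON payload is assumed to come from a JSON serializer or to have been passed through the JSON Sanitizer suggested in the reply.

```java
import java.util.regex.Pattern;

public final class JsonpCallback {
    // Allowlist: ASCII identifiers joined by dots, e.g. "cb" or "app.handlers.onData".
    private static final Pattern CALLBACK = Pattern.compile(
            "[A-Za-z_$][A-Za-z0-9_$]*(?:\\.[A-Za-z_$][A-Za-z0-9_$]*)*");
    private static final int MAX_LENGTH = 64; // assumed cap, not from the thread

    // Returns the callback unchanged when it matches the allowlist, otherwise throws.
    static String requireValidCallback(String callback) {
        if (callback == null || callback.length() > MAX_LENGTH
                || !CALLBACK.matcher(callback).matches()) {
            throw new IllegalArgumentException("invalid JSONP callback name");
        }
        return callback;
    }

    // Wraps already-serialized JSON in a call to the validated callback.
    static String wrap(String callback, String json) {
        // U+2028 and U+2029 are legal raw inside JSON strings, but older JavaScript
        // engines treat them as line terminators, so emit them as escapes.
        String body = json.replace("\u2028", "\\u2028").replace("\u2029", "\\u2029");
        // The leading empty comment keeps the first bytes of the response fixed
        // instead of caller-chosen.
        return "/**/" + requireValidCallback(callback) + "(" + body + ");";
    }

    public static void main(String[] args) {
        String json = "{\"id\":42,\"name\":\"example\"}"; // constructed sample payload
        // Constructed sample callback values: the first two pass, the rest are rejected.
        String[] samples = {"handleData", "app.handlers.onData", "cb;other()", "a b", "9cb", ""};
        for (String cb : samples) {
            try {
                System.out.println("accepted: " + wrap(cb, json));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: \"" + cb + "\"");
            }
        }
    }
}
```

A rejected callback should produce an HTTP 400 rather than a cleaned-up name, and the response should be served as `application/javascript` with `X-Content-Type-Options: nosniff`.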