[Esapi-user] Encoding JsonP callback parameter

Ittai Zeidman ittaiz at wix.com
Tue Sep 16 04:15:16 UTC 2014


Thanks!

Will march right over.
Ittai Zeidman
 
Cell: 054-6735021
40 Hanamal street, Tel Aviv, Israel

On Mon, Sep 15, 2014 at 11:41 PM, Kevin W. Wall <kevin.w.wall at gmail.com>
wrote:

> ESAPI does not support JSON encoding. I would suggest the OWASP JSON
> Sanitizer project,
> https://www.owasp.org/index.php/OWASP_JSON_Sanitizer.
> -kevin
> Sent from my Droid; please excuse typos.
> On Sep 15, 2014 4:37 PM, "Ittai Zeidman" <ittaiz at wix.com> wrote:
>>   Hi,
>> I have an API which I need to develop which will use JsonP and the client
>> will be sending me a “callback” parameter for the js function I’m
>> outputting to.
>> I’m trying to evaluate how to sanitize the input since I’ll be using it
>> directly in the output but I can’t find anything in the library.
>> I found all kinds of regex patterns to use but I’m looking for a more
>> robust approach.
>> Does the Esapi Encoder handle this?
>> Ittai Zeidman
>>
>> Cell: 054-6735021
>> 40 Hanamal street, Tel Aviv, Israel

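One way to handle the `callback` parameter asked about in this thread is a strict allowlist rather than output encoding. The following is an added example, not part of the original messages and not ESAPI or OWASP JSON Sanitizer code; the class name, the accepted identifier grammar, the length limit, and the sample inputs are assumptions.

```java
import java.util.regex.Pattern;

public final class JsonpResponse {
    // Assumed grammar: ASCII identifiers, optionally dotted (e.g. "app.handlers.onData").
    private static final Pattern CALLBACK = Pattern.compile(
            "[A-Za-z_$][A-Za-z0-9_$]*(?:\\.[A-Za-z_$][A-Za-z0-9_$]*)*");
    private static final int MAX_CALLBACK_LENGTH = 64; // assumed limit

    /** Returns true only if the whole callback name matches the allowlist. */
    static boolean isValidCallback(String callback) {
        return callback != null
                && callback.length() <= MAX_CALLBACK_LENGTH
                && CALLBACK.matcher(callback).matches();
    }

    /** Wraps already-serialized, valid JSON in a call to the validated callback. */
    static String wrap(String callback, String json) {
        if (!isValidCallback(callback)) {
            // Reject instead of trying to repair the name.
            throw new IllegalArgumentException("invalid JSONP callback name");
        }
        // U+2028 and U+2029 are legal inside JSON strings but were line
        // terminators in JavaScript before ES2019, so escape them. "<" is
        // escaped so the body cannot contain a closing script tag.
        String safeJson = json.replace("\u2028", "\\u2028")
                              .replace("\u2029", "\\u2029")
                              .replace("<", "\\u003c");
        // The leading empty comment keeps the first bytes of the response
        // fixed rather than chosen by the caller.
        return "/**/" + callback + "(" + safeJson + ");";
    }

    public static void main(String[] args) {
        // Constructed sample payload and callback values.
        String json = "{\"note\":\"a\u2028b </script>\"}";
        String[] callbacks = {"handleData", "app.handlers.onData", "handle Data", "cb(1)", "", null};
        for (String cb : callbacks) {
            try {
                System.out.println(wrap(cb, json));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + cb);
            }
        }
    }
}
```

Serve the result with `Content-Type: application/javascript` and `X-Content-Type-Options: nosniff`, and return an HTTP 400 for a rejected callback.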