[Esapi-user] SecurityWrapper

Jorge Calderon jcald1 at gmail.com
Wed Oct 28 16:03:13 UTC 2015


Is there a way to use the SecurityWrapper in JAX-WS and JAX-RS services?

What assumptions are made about the data when it does
canonicalization?  Does it canonicalize the data based on the
Content-Type header in the request, or does it always assume the data
is HTML form data?  What validator configuratioin key does it use,
"SafeString"?

I didn't see a key to validating entire XMLs.

Thanks,

Jorge


More information about the Esapi-user mailing list