[Esapi-user] ESAPI encoding issue (was "Re: Esau encoding issue")
Kevin W. Wall
kevin.w.wall at gmail.com
Tue Nov 7 03:41:00 UTC 2017
[Posting this to the ESAPI-User mailing list.]
On Wed, Nov 1, 2017 at 2:40 PM, vasu.devbala2 <vasu.devbala2 at gmail.com> wrote:
> I found your contact details from
> https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API. I am
> using ESAPI in my application for encoding and decoding but I am getting
> error with particular string only.
> If you are right person to contact could you please tell me how to resolve
> this issue or guide me if you know someone who can resolve this issue.
Sorry this got lost. I didn't pick up immediately on the 'Esau' part
and recognize it was a typo of ESAPI. I've since changed the Subject
line. Your best bet is to post questions like this to the ESAPI-User's
> I am building html table in struts action class and sending it to client.
> Before sending I am encoding html table with
> with $ESAPI.encoder().cananicalize(html) but whenever I have \ft string in
> my html I am getting input is undefined error at line number
> 817(input.pushback(c);) in esapi.js. With other strings I am not facing any
rather than "ESAPI for Java" here. (That's what it looks like based on
the '$ESAPI.encoder()'.) That seems a bit odd if you are placing this
in a Struts Action class, but what do I know. Maybe it really does
probably do not want to call the 'canonicalize() method, at least
where you are calling it.
If you could provide a bit more context--maybe a specific example of
what you are doing and how it is being called and how it fails.
Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
More information about the Esapi-user