[OWASP-ESAPI] Does DefaultEncoder handle UTF-8?

Lei Chen lei.chen.2004 at gmail.com
Thu Apr 9 15:17:24 EDT 2009


Thanks a lot Jeff! Your questions helped me find the solutions. :-)

The default encoding of JSPs/servlets in WebLogic is ISO-8859-1. This is why
my parameters got encoded wrong when received and hence displayed wrong. To
fix this, I needed to specify the input charset in weblogic.xml:

<charset-params>
  <input-charset>
    <resource-path>/*</resource-path>
    <java-charset-name>UTF-8</java-charset-name>
  </input-charset>
</charset-params>

Here is the WebLogic document on i18n:
http://otndnld.oracle.co.jp/document/products/wls/docs90/en/relnotes_ja.html

Lei

On Tue, Mar 31, 2009 at 2:01 PM, Jeff Williams <jeff.williams at owasp.org> wrote:

> Hi Lei,
>
> ESAPI is configurable, but defaults to using UTF-8 everywhere it can.  Can
> you let me know a little more about your issue?  Are you posting with a
> normal form?  What encoding?  How are you getting parameters from the
> request?  Is it a simple request.getParameter()?  Do you change the request
> encoding?  Can you verify that the parameter is not getting encoded by
> something else, either before or after your ESAPI call?  Some JSP components
> encode their data before posting.  How are you outputting the user data?
>
> Thanks!
>
> --Jeff
>
> *From:* owasp-esapi-bounces at lists.owasp.org [mailto:
> owasp-esapi-bounces at lists.owasp.org] *On Behalf Of *Lei Chen
> *Sent:* Tuesday, March 31, 2009 12:09 AM
> *To:* owasp-esapi at lists.owasp.org
> *Subject:* [OWASP-ESAPI] Does DefaultEncoder handle UTF-8?
>
> Hi,
>
> We have a form that takes user data that includes people's names in
> Chinese/Japanese. I used
> ESAPI.encoder().encodeForHTML()/encodeForHTMLAttribute() to encode the input
> and display it back to the browser to show whether there are any mandatory
> fields that are missing. The names seem to be double-encoded and do not
> display properly. Is this the correct behavior? How do I make the names
> display in the original form?
>
> Thanks,
> Lei
>
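
The charset mismatch described in this thread, as an added example that is not part of the original messages and is not ESAPI or WebLogic code. It assumes the browser posts the form as UTF-8, decodes the same bytes once as ISO-8859-1 and once as UTF-8, and passes both through encodeForHtmlSketch, a hypothetical simplified stand-in for an HTML entity encoder; the sample name is constructed.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

public class CharsetMismatchDemo {

    // Hypothetical stand-in for an HTML entity encoder (NOT ESAPI's code):
    // ASCII letters and digits pass through, everything else becomes &#xHEX;.
    static String encodeForHtmlSketch(String s) {
        StringBuilder out = new StringBuilder();
        s.codePoints().forEach(cp -> {
            boolean asciiAlnum = cp < 128 && Character.isLetterOrDigit(cp);
            if (asciiAlnum) {
                out.appendCodePoint(cp);
            } else {
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        });
        return out.toString();
    }

    // Models the container turning raw request bytes into a parameter String
    // using whatever input charset it has been configured with.
    static String decodeParameter(byte[] wire, Charset inputCharset) {
        return new String(wire, inputCharset);
    }

    // ISO-8859-1 maps every byte to one char, so a mis-decoded value can be
    // recovered by re-encoding to bytes and decoding as UTF-8.
    static String repair(String misdecoded) {
        return new String(misdecoded.getBytes(StandardCharsets.ISO_8859_1),
                          StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String name = "\u9648\u78ca"; // constructed sample: a two-character Chinese name
        byte[] wire = name.getBytes(StandardCharsets.UTF_8); // assumed: browser posts UTF-8

        String wrong = decodeParameter(wire, StandardCharsets.ISO_8859_1); // container default per the thread
        String right = decodeParameter(wire, StandardCharsets.UTF_8);      // with input-charset set to UTF-8

        System.out.println("ISO-8859-1 decode: " + wrong.length() + " chars -> " + encodeForHtmlSketch(wrong));
        System.out.println("UTF-8 decode:      " + right.length() + " chars -> " + encodeForHtmlSketch(right));
        System.out.println("repair round-trips: " + repair(wrong).equals(name));
    }
}
```

The ISO-8859-1 path produces one entity per UTF-8 byte rather than one per character, which is what shows up in the browser as apparent double encoding; the encoder behaves identically in both cases and only its input differs.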