[OWASP-ESAPI] Javadoc fails for org.owasp.esapi.PreparedString in ESAPI 2.0

Kevin W. Wall kevin.w.wall at gmail.com
Mon Aug 17 00:40:12 EDT 2009


Kevin W. Wall wrote:
> [...snip...] So I'm going to change these to:
> 
> /**
>  * A parameterized string that can be used to send data to an interpreter.
>  * <pre>
>  * PreparedString div = new PreparedString( "<a href=\"@1\" onmouseover=\"alert('@2')\">test</a>" );
> [...snip...]

OK, my bad. Maybe next time I should actually TEST it before posting! Duh!!!
Make that:

/**
 * A parameterized string that can be used to send data to an interpreter.
 * <pre>
 * PreparedString div = new PreparedString( "&lt;a href=\"@1\" onmouseover=\"alert('@2')\"&gt;test&lt;/a&gt;" );
 ... as it was in my previous email ...

Forgot for a moment that this was Javadoc and I was just thinking it was code.
-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

