[OWASP-ESAPI] Encoding implementation issue...

Ed Schaller schallee at darkmist.net
Tue Dec 8 23:47:16 EST 2009


OK. I just committed unit tests for this. I know that we all agreed that
we wouldn't commit code that had failing unit tests but these are failing
tests exhibiting a rather serious current issue. Please forgive me.

The following codecs do not handle encoding of characters above 0xFF:

CSSCodec
HTMLEntityCodec
JavaScriptCodec
MySQLCodec (in standard mode as ANSI mode only escapes ')
PercentCodec
UnixCodec
VBScriptCodec
WindowsCodec

All of these codecs pass characters with values above 0xFF through
totally unencoded. I have opened issue 75 for this. I need to get some
sleep but I'll try to look at it more in the morning.

>>>------>
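The failure mode reported above, as an added example that is not ESAPI code and not the unit tests from the post: a toy encoder that stops at 0xFF, a corrected form, and a regression check over every code point above 0xFF. All class and method names are hypothetical, and the `&#x..;` output format is an assumption chosen for illustration.

```java
// Added illustration; not ESAPI source. All names here are hypothetical.
public class HighCharEncodingCheck {
    interface Encoder { String encode(int codePoint); }

    static String raw(int cp) { return new String(Character.toChars(cp)); }

    static boolean isAsciiAlnum(int cp) {
        return (cp >= '0' && cp <= '9') || (cp >= 'A' && cp <= 'Z') || (cp >= 'a' && cp <= 'z');
    }

    // Behaviour described in the post: values above 0xFF pass through unencoded.
    static final Encoder LIMITED = cp -> {
        if (isAsciiAlnum(cp)) return raw(cp);
        if (cp <= 0xFF) return "&#x" + Integer.toHexString(cp) + ";";
        return raw(cp); // no handling for this range, so the input is emitted as-is
    };

    // Corrected form: every code point that is not ASCII alphanumeric is encoded.
    static final Encoder FULL = cp ->
        isAsciiAlnum(cp) ? raw(cp) : "&#x" + Integer.toHexString(cp) + ";";

    // Encode by code point so supplementary characters are not split into surrogates.
    static String encode(Encoder e, String input) {
        StringBuilder sb = new StringBuilder();
        input.codePoints().forEach(cp -> sb.append(e.encode(cp)));
        return sb.toString();
    }

    // Regression check: first code point above 0xFF that comes back unchanged, or -1.
    static int firstUnencodedAbove0xFF(Encoder e) {
        for (int cp = 0x100; cp <= Character.MAX_CODE_POINT; cp++) {
            if (cp >= Character.MIN_SURROGATE && cp <= Character.MAX_SURROGATE) continue;
            if (e.encode(cp).equals(raw(cp))) return cp;
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed sample: '<', U+00E9, U+0100, U+20AC and U+1F600 (a surrogate pair).
        String sample = "a<\u00E9\u0100\u20AC\uD83D\uDE00";
        System.out.println("limited: " + encode(LIMITED, sample));
        System.out.println("full:    " + encode(FULL, sample));
        System.out.printf("limited first gap: 0x%X%n", firstUnencodedAbove0xFF(LIMITED));
        System.out.println("full first gap:    " + firstUnencodedAbove0xFF(FULL));
    }
}
```

The same sweep can be pointed at any encoder that fits the one-method interface, which makes it usable as a per-codec regression test.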