[OWASP-ESAPI] ESAPI - HTTP Response Splitting
jeff.williams at owasp.org
Tue Mar 24 23:42:10 EDT 2009
The SafeRequest and SafeResponse classes have full support for header
validation. Use a simple filter to wrap the request and response with these
classes. As pointed out in the previous message, we need to make these
classes implement the HttpRequestWrapper and HttpResponseWrapper interfaces.
From: Khash Kiani [mailto:khash.kiani at gmail.com]
Sent: Tuesday, March 24, 2009 7:29 PM
To: jeff.williams at owasp.org
Subject: ESAPI - HTTP Response Splitting
I've been using some of the great utilities that come with the ESAPI APIs.
However, I can't find anything for filtering out CR and LF as an interim
solution against HTTP Response Splitting until we have proper white-list
input validation in place for HTTP headers. Are there any ESAPI utilities
specifically for this purpose?