[OWASP-ESAPI] Does DefaultEncoder handle UTF-8?

Jeff Williams jeff.williams at owasp.org
Tue Mar 31 14:01:29 EDT 2009

Hi Lei,


ESAPI is configurable, but defaults to using UTF-8 everywhere it can.  Can
you let me know a little more about your issue?  Are you posting with a
normal form?  What encoding?  How are you getting parameters from the
request?  Is it a simple request.getParameter()?  Do you change the request
encoding?  Can you verify that the parameter is not getting encoded by
something else, either before or after your ESAPI call?  Some JSP components
encode their data before posting.  How are you outputting the user data?







From: owasp-esapi-bounces at lists.owasp.org
[mailto:owasp-esapi-bounces at lists.owasp.org] On Behalf Of Lei Chen
Sent: Tuesday, March 31, 2009 12:09 AM
To: owasp-esapi at lists.owasp.org
Subject: [OWASP-ESAPI] Does DefaultEncoder handle UTF-8?



We have a form that takes user data that includes people's names in
Chinese/Japanese. I used
ESAPI.encoder().encodeForHTML()/encodeForHTMLAttribute() to encode the input
and display back to browser to show whether there is any mandatory fields
that are missing. The names seem  to be double-encoded and does not display
properly. Is this the correct behavior? How do I make the names display in
the original form?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20090331/01f094b7/attachment.html 

More information about the OWASP-ESAPI mailing list