Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Integrating WO with OSWASP ESAPI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Integrating WO with OSWASP ESAPI

Subject: Integrating WO with OSWASP ESAPI
From: Mai Nguyen <email@hidden>
Date: Sat, 13 Aug 2011 06:04:26 -0700

Hello,
This may be a bit OT, because I am currently using WO with OSWASP.

A while ago, there were a couple of you who mentioned using OSWASP ESAPI for Java to validate input and do output filtering.

I wonder what would be a good filtering method in ESAPI for filtering any scripts (output filtering)?

I have tried ESAPI.encoder().encodeForHTML(), but it still seems to let the browser execute some tags when the page is rendered.
The brute force would be to do a string parser to parse any offending tags after encoding/decoding, but I am looking at some existing vetted solutions.

Anyone has had similar experience before?

Thanks very much for any hints,

mai _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Prev by Date: Re: Jars in frameworks and Eclipse
Next by Date: Re: Help from security gurus?
Previous by thread: Re: Jars in frameworks and Eclipse
Next by thread: D2W And ERAttachment
Index(es):
- Date
- Thread