
ESAPI for localization

chethan kopparam

Joined: Feb 02, 2012
Posts: 1
Hi folks,

I am currently using ESAPI-2.0-rc4.jar for security purposes.

I am having 2 issues:

First Issue: New Line Issue.
Using file having the line: Validator.SafeString=^[\p{L}\p{N}\s.]{0,1024}$, but this eliminates my \r\n (LF/CR; the new lines added in the value are removed on validation).

Using ESAPI.validator().getValidSafeHTML("getValidSafeHTML",input,instrucLength,true); to validate the "input" string.

If my input string from jsp is as below:



three lines"

The new lines get eliminated on using getValidSafeHTML and the value comes as a single line as mentioned below:

"Value in three lines"

The \n\r or the new line is eliminated on using getValidSafeHTML().

Second Issue: Localization:
If my input value contains some French or German characters, it gets encoded to its respective unicode values and hence it becomes difficult to read French or German characters for the user.

For example:
À ---> & Agrave;
à ----> & agrave;

If I have my input value as "Iam À " this gets converted to "Iam & Agrave;" in the UI on successful validation by ESAPI.validator().getValidSafeHTML("getValidSafeHTML",input,instrucLength,true);

So both issues combined are as below:

If my input is:

"Value in

three lines with some

french characters as À"

This gets changed to a single line with encoded values of the French character: "Value in three lines with some french characters as & Agrave;" on successful validation.

I need to eliminate this. Is there any way that I can change the ^[\p{L}\p{N}\s.]{0,1024}$) file which will not eliminate my localization inputs containing newlines?