ESAPI validation of an html content

Dmitry Kudelko
Greenhorn

Joined: Dec 26, 2012
Posts: 1
Hi, we are using ESAPI for validating user input in a web-based application. Currently we have trouble validating the content of an HTML editor (such as CK or TinyMCE): we get an exception that says that mixed encoding was detected. It is thrown by a method called "canonicalize".

And the reason for it is that any HTML content can potentially contain two encodings: URL encoding (which is, for example, %20) and HTML encoding (various HTML entities like `&amp;`, `&nbsp;`, etc.). From the HTML point of view this is completely valid.
Of course there is an option to switch off the detection of mixed encoding in ESAPI. However, ESAPI says that it is preferable to keep it switched on to prevent XSS attacks.

So the question is: what is the correct way of validating such content?
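An added illustration of the behaviour described in the post, not part of the original post and not ESAPI's own code: a simplified Java model that applies an HTML-entity decoder and a percent decoder until the text stops changing, and reports mixed encoding when more than one of them altered the input. The class name, both toy decoders and the sample fragments are constructed for this example; of the three samples, only the last, which combines an entity with a percent-encoded URL, is flagged.

```java
import java.util.List;
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Simplified model of mixed-encoding detection; NOT ESAPI's implementation.
public class MixedEncodingDemo {
    private static final Pattern PERCENT = Pattern.compile("%([0-9A-Fa-f]{2})");

    // Toy HTML-entity decoder; "&amp;" goes last so one call strips one layer.
    static String decodeHtml(String s) {
        return s.replace("&lt;", "<").replace("&gt;", ">")
                .replace("&nbsp;", "\u00a0").replace("&amp;", "&");
    }

    // Toy percent decoder: each %XX becomes the character with that code.
    static String decodePercent(String s) {
        return PERCENT.matcher(s).replaceAll(r -> Matcher.quoteReplacement(
                String.valueOf((char) Integer.parseInt(r.group(1), 16))));
    }

    static final List<UnaryOperator<String>> CODECS =
            List.of(MixedEncodingDemo::decodeHtml, MixedEncodingDemo::decodePercent);

    // Decode until stable; "mixed" means more than one codec changed the input.
    static boolean hasMixedEncoding(String input) {
        int changedBy = 0;                 // bit i set: codec i altered the text
        String working = input;
        for (boolean clean = false; !clean; ) {
            clean = true;
            for (int i = 0; i < CODECS.size(); i++) {
                String decoded = CODECS.get(i).apply(working);
                if (!decoded.equals(working)) {
                    changedBy |= 1 << i;
                    working = decoded;
                    clean = false;
                }
            }
        }
        return Integer.bitCount(changedBy) > 1;
    }

    public static void main(String[] args) {
        String[] samples = {               // constructed editor-style fragments
            "<p>Tom &amp; Jerry</p>",
            "<a href=\"/docs/my%20file.pdf\">report</a>",
            "<p>Tom &amp; Jerry: <a href=\"/docs/my%20file.pdf\">report</a></p>" };
        for (String s : samples) System.out.println(hasMixedEncoding(s) + "  " + s);
    }
}
```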
 