I am totally confused with the code below. When I pass
the value as <script>alert(1);</script>, then I get the same result as the passed value.
Then what is the use of canonicalize? Or am I making a mistake? Here the value is the value of request.getParameter().
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;

Encoder enc = ESAPI.encoder();
// value comes from request.getParameter()
String result = enc.canonicalize(value);
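Added example (not from the question above, not ESAPI's own code) showing what canonicalize actually does: it decodes percent and HTML-entity encodings back to one canonical form so that later validation or encoding cannot be bypassed by encoding tricks, but it never strips or escapes markup, so an already-plain <script> string comes back unchanged. The inputs are constructed samples, and the code assumes an ESAPI.properties is on the classpath as ESAPI requires.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.errors.IntrusionException;

public class CanonicalizeDemo {
    // Constructed sample inputs: the same markup in several encodings.
    private static final String[] SAMPLES = {
        "<script>alert(1);</script>",                 // already canonical: returned as-is
        "%3Cscript%3Ealert(1);%3C/script%3E",         // percent-encoded
        "&lt;script&gt;alert(1);&lt;/script&gt;",     // HTML-entity-encoded
        "%253Cscript%253E",                           // double percent-encoded
    };

    public static void main(String[] args) {
        Encoder enc = ESAPI.encoder();
        for (String raw : SAMPLES) {
            String canonical;
            try {
                // strict = true: multiple or mixed encodings are treated as an
                // intrusion attempt rather than silently decoded.
                canonical = enc.canonicalize(raw, true);
            } catch (IntrusionException e) {
                System.out.println("REJECTED (multiple/mixed encoding): " + raw);
                continue;
            }
            // canonicalize only decodes; validation and output encoding are
            // separate steps that must run on the canonical form.
            System.out.println("raw:       " + raw);
            System.out.println("canonical: " + canonical);
            // Escape for the HTML context at the point where the value is rendered.
            System.out.println("for HTML:  " + enc.encodeForHTML(canonical));
            System.out.println();
        }
    }
}
```

The first sample prints the same raw and canonical string, which is the behaviour asked about in the question; the encoded samples are decoded to that same form, and the double-encoded one is rejected under strict mode.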