Hi folks,
Iam currently using ESAPI-2.0-rc4.jar for security purpose.
Iam having 2 issues:
First Issue: New Line Issue.
Using Validationg.properties file having the line: Validator.SafeString=^[\p{L}\p{N}\s.]{0,1024}$, but this eliminates my \r\n (LF/CR,the new lines added in the value are removed on validation.).
Using ESAPI.validator().getValidSafeHTML("getValidSafeHTML",input,instrucLength,true); to validate the "input"
string.
If my input string from
jsp is as below:
"Value
in
three lines"
The new lines gets eliminated on using getValidSafeHTML and comes as a single line as mentioned below:
"Value in three lines"
The \n\r or the new line is eliminated on using getValidSafeHTML().
Second Issue: Localization:
If my input value contains some french or german characters, it get encoded to its respective unicode
values and hence it becomes difficult to read french or german characters for the user.
For example:
À ---> & Agrave;
à ----> & agrave;
If i have my input value as "Iam À " this gets converted to "Iam & Agrave;" in the UI on successful validation by ESAPI.validator().getValidSafeHTML("getValidSafeHTML",input,instrucLength,true);
So Both the issues combining is as below:
If my input is as :
"Value in
three lines with some
french characters as
À"
This gets changed to a single line with encoded values of french character : "Value in three lines with some french characters as
& Agrave;" on succuessful validation.
I need to eliminate this . Is there any way that i can change the Validation.properties(Validator.SafeString=^[\p{L}\p{N}\s.]{0,1024}$) file which will not eliminate my locatization inputs containing newlines.