configuration should allow optional auto-cannonicalization before encoding.

ESAPI / esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.

https://owasp.org/www-project-enterprise-security-api/

Other

614 stars 367 forks source link

configuration should allow optional auto-cannonicalization before encoding. #225

Open meg23 opened 9 years ago

meg23 commented 9 years ago

From abathg...@gmail.com on March 24, 2011 19:05:13

Sometimes it is difficult to know when data has been previously encoded so to avoid double encoding having a decode/cannonicalization step before encoding.

Note:Data may have been triple or quadruple encoded - either maliciously or accidentally.

Note:This needs to be very lean code to minimize performance impact.

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=216

meg23 commented 9 years ago

From M.Gelma...@gmail.com on November 13, 2014 10:19:52

Labels: Type-Task

xeno6696 commented 7 years ago

@kwwall I can't make heads nor tails of what this question is getting at. Albeit, I've used this API for years, neither the title nor the description seem to reflect what I've come to learn about our encoding.