Fierozen / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

Canoniclizing out of EncodeforLdap or EncodeForDN if contains specific characters like "(, ) #" etc. messes up the input. #287

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
I can do EncodeForLdap and EncodeForDN however the output when passed through 
canonicalize, is garbage. 

Try using test string - "Hi (This) ="
Here "(" is converted to \28 on encoding. On decoding it gets converted to 
Character 2 which is stx i.e. nothing.

What is the expected output? What do you see instead?
Input string before encoding should be returned

What version of the product are you using? On what operating system?
2.0.1

Does this issue affect only a specified browser or set of browsers?
all browsers

Please provide any additional information below.
I can do EncodeForLdap and EncodeForDN however the output when passed through 
canonicalize, is garbage. 

Try using test string - "Hi (This) ="
Here "(" is converted to \28 on encoding. On decoding it gets converted to 
Character 2 which is stx i.e. nothing.

Please help.

Original issue reported on code.google.com by shilpi.a...@gmail.com on 28 Sep 2012 at 11:16

GoogleCodeExporter commented 9 years ago
Same is happening for encodeForCSS -

Input String - !@$%()=+{}[]
Encoded String - \21 \40 \24 \25 \28 \29 \3d \2b \7b \7d \5b \5d
When used Canonicalize -      8 9 d b b d b d 
This clearly is an error.

Is there any way we can know when this issue will be resolved.

Shilpi

Original comment by shilpi.a...@gmail.com on 30 Oct 2012 at 5:55

GoogleCodeExporter commented 9 years ago
Hi, 

Is there any update on this issue?

Shilpi

Original comment by shilpi.a...@gmail.com on 9 Sep 2013 at 6:25