Closed sudarshannavada closed 4 years ago
You referenced the ESAPI encoder but listed a bug in the OWASP Java Encoder. These are separate projects. Can you try this in the OWASP Java encoder?
-- Jim Manico @Manicode Secure Coding Education +1 (808) 652-3805
On Jan 13, 2020, at 3:54 AM, sudarshannavada notifications@github.com wrote:
encoder.encodeForHtml of Japanese character “𠮷”( 𠮷 ) resulting in �� and these code points are not identified by HTML document. The browser doesn't understand the surrogate pairs. We are using org.owasp.esapi esapi 2.1.0.1 and ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
Any leads will be appreciated.
Sorry for the mistake. I have tried org.owasp.encoder.Encode.forHtmlContent(String input), as the Javadoc says surrogate pairs are passed through if valid. Anyway, I got the solution! Thank you.
encoder.encodeForHtml of Japanese character “𠮷”( \𠮷 ) resulting in \\ and these code points are not identified by HTML document. The browser doesn't understand the surrogate pairs. We are using org.owasp.esapi esapi 2.1.0.1
and
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
Any leads will be appreciated.
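
The difference this thread turns on, as an added Java example that is not code from ESAPI or the OWASP Java Encoder: an encoder that walks UTF-16 code units emits one numeric reference per surrogate half, while one that walks code points emits a single reference for the supplementary character. The class and method names are hypothetical, and the rule of leaving only ASCII letters and digits unencoded is an assumption made for the illustration.

```java
public class SurrogateEncodingDemo {

    // Walks UTF-16 code units. A supplementary character such as U+20BB7 is
    // stored as two chars, so it comes out as two numeric references, each
    // naming a surrogate code point. The HTML parser treats such references
    // as errors and substitutes U+FFFD.
    static String encodePerChar(String input) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (c < 0x80 && Character.isLetterOrDigit(c)) {
                out.append(c);
            } else {
                out.append("&#").append((int) c).append(';');
            }
        }
        return out.toString();
    }

    // Walks Unicode code points. A valid surrogate pair is combined into one
    // code point and written as a single reference; an unpaired surrogate is
    // replaced with U+FFFD instead of being emitted.
    static String encodePerCodePoint(String input) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < input.length(); ) {
            int cp = input.codePointAt(i);
            i += Character.charCount(cp);
            if (cp < 0x80 && Character.isLetterOrDigit(cp)) {
                out.appendCodePoint(cp);
            } else if (cp >= 0xD800 && cp <= 0xDFFF) {
                out.append("&#xfffd;");
            } else {
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: 'a', '<', then U+20BB7 as a surrogate pair.
        String sample = "a<\uD842\uDFB7";
        System.out.println("per char:       " + encodePerChar(sample));
        System.out.println("per code point: " + encodePerCodePoint(sample));
    }
}
```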