suspicion of double encoding in referrer field - prob. false alarm

batchu / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

0 stars 0 forks source link

suspicion of double encoding in referrer field - prob. false alarm #44

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1.Create a HTTP Request where the referrer field holds a URL with an
ampersand (&) for parameters.
2.
3.

What is the expected output? What do you see instead?
referrer field with amperstand should be legit.
Instead, ESAPI finds it as a double encoding hacking attach.

What version of the product are you using? On what operating system?
1.4 on Unix

Please provide any additional information below.

Original issue reported on code.google.com by nada...@gmail.com on 25 Oct 2009 at 1:10

GoogleCodeExporter commented 8 years ago

Need to check if this is still the case in 2.0 - If so it can be resolved there 
and
will vote on whether to release a patch to 1.4 to resolve the issue there.

Original comment by chrisisbeef on 29 Oct 2009 at 5:15

Added labels: Component-Logic

GoogleCodeExporter commented 8 years ago

Additional information here would be helpful. Can you include a code sample that
illustrates your issue?

Original comment by chrisisbeef on 2 Dec 2009 at 7:29

GoogleCodeExporter commented 8 years ago

We already addresses this in the latest enhancements to cannonicalization. I'm 
dropping this unless someone brings this up again.

Original comment by manico.james@gmail.com on 1 Nov 2010 at 6:00

Changed state: Fixed

GoogleCodeExporter commented 8 years ago

drop +1

Original comment by chrisisbeef on 1 Nov 2010 at 7:13