What steps will reproduce the problem?
1. define invalid HTML String
2. validate it with getValidSafeHtml passing an empty error list as a parameter
3. check the size of the error list afer
What is the expected output? What do you see instead?
expected: an exception in the list of error
observed: empty list
What version of the product are you using? On what operating system?
Java ESAPI 2.0.1, OS X 1.6
Does this issue affect only a specified browser or set of browsers?
N/A
Please provide any additional information below.
code
====
ValidationErrorList errorList = new ValidationErrorList();
String badInput = "test<script>alert('')</script>";
System.out.println("Error list size before: "+errorList.size());
System.out.println("BAD INPUT:="+badInput);
String goodOutput = validator.getValidSafeHTML("test", badInput, 255, false,
errorList);
System.out.println("GOOD OUTPUT:="+goodOutput);
System.out.println("Error list size after: "+errorList.size());
program ouput
=============
Error list size before: 0
BAD INPUT:=test<script>alert('')</script>
GOOD OUTPUT:=test
Error list size after: 0
Original issue reported on code.google.com by evguenia...@gmail.com on 1 Jun 2012 at 4:08
Original issue reported on code.google.com by
evguenia...@gmail.com
on 1 Jun 2012 at 4:08