cndylan / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

Validator::getValidSafeHtml does not add Exceptions to the error list parameter #273

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. define invalid HTML String
2. validate it with getValidSafeHtml passing an empty error list as a parameter
3. check the size of the error list afer

What is the expected output? What do you see instead?
expected: an exception in the list of error
observed: empty list

What version of the product are you using? On what operating system?
Java ESAPI 2.0.1, OS X 1.6

Does this issue affect only a specified browser or set of browsers?
N/A

Please provide any additional information below.

code
====
ValidationErrorList errorList = new ValidationErrorList();
String badInput = "test<script>alert('')</script>";
System.out.println("Error list size before: "+errorList.size());
System.out.println("BAD INPUT:="+badInput);
String goodOutput = validator.getValidSafeHTML("test", badInput, 255, false, 
errorList);
System.out.println("GOOD OUTPUT:="+goodOutput);
System.out.println("Error list size after: "+errorList.size());

program ouput
=============
Error list size before: 0
BAD INPUT:=test<script>alert('')</script>
GOOD OUTPUT:=test
Error list size after: 0

Original issue reported on code.google.com by evguenia...@gmail.com on 1 Jun 2012 at 4:08