copfee / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Canonicalizing "%Device%" changes the meaning of the input string #300

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Take the string "%Device%".
2. Canonicalize it using the Canonicalize method.
3. Now do EncodeForHTML or simply display the result string from Canonicalize.

What is the expected output? What do you see instead?
The output needs to be encoded for HTML and should display as "%Device%" in the
browser. Instead we see "Þvice%".

What version of the product are you using? On what operating system?
2.0rc

Does this issue affect only a specified browser or set of browsers?
all

Please provide any additional information below.
We are using these APIs heavily. Please provide an estimated fix date.

Original issue reported on code.google.com by shilpi.a...@gmail.com on 23 May 2013 at 8:45
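
The behaviour reported above comes from percent-decoding: `%De` is a valid `%XX` hex escape, so it decodes to U+00DE (Þ). The following is an added example, not code from the reporter or from the ESAPI project; `percentDecode` and `encodeForHtml` are hypothetical, simplified stand-ins for a percent codec and an HTML encoder, run over constructed sample inputs.

```java
public class PercentCanonicalizeDemo {
    // Hypothetical stand-in for a percent codec (not ESAPI's implementation):
    // every '%' followed by two hex digits becomes the character with that code.
    static String percentDecode(String in) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            if (c == '%' && i + 2 < in.length()) {
                int hi = Character.digit(in.charAt(i + 1), 16);
                int lo = Character.digit(in.charAt(i + 2), 16);
                if (hi >= 0 && lo >= 0) {          // "%De" -> 0xDE, "%3C" -> '<'
                    out.append((char) (hi * 16 + lo));
                    i += 2;
                    continue;
                }
            }
            out.append(c);                          // lone '%' or non-hex pair stays literal
        }
        return out.toString();
    }

    // Minimal HTML body encoder: markup characters and non-ASCII become numeric entities.
    static String encodeForHtml(String in) {
        StringBuilder out = new StringBuilder();
        for (char c : in.toCharArray()) {
            if ("&<>\"'".indexOf(c) >= 0 || c > 0x7e) {
                out.append("&#x").append(Integer.toHexString(c)).append(';');
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: the string from the report, a literal percent sign,
        // and a genuinely percent-encoded tag.
        String[] samples = { "%Device%", "100% done", "%3Cb%3E" };
        for (String s : samples) {
            String canonical = percentDecode(s);
            System.out.println("input            : " + s);
            System.out.println("changed by decode: " + !canonical.equals(s));
            System.out.println("html(original)   : " + encodeForHtml(s));
            System.out.println("html(canonical)  : " + encodeForHtml(canonical));
            System.out.println();
        }
    }
}
```

The decoder cannot tell the literal text `%Device%` from an encoded U+00DE, which is why the "changed by decode" flag is true for both the reported string and the encoded tag but false for `100% done`.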