search

slocumbf / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

Most codecs fail to encode characters above 0xFF #75

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. encode a character above 0xFF

What is the expected output? What do you see instead?
The character should be encoded since it is not on the white list. Instead
the character is not encoded at all.

Please use labels and text to provide additional information.

The following codecs are affected:

CSSCodec
HTMLEntityCodec
JavaScriptCodec
MySQLCodec (in standard mode as ANSI mode only escapes ')
PercentCodec
UnixCodec
VBScriptCodec
WindowsCodec

This is caused by getHexForNonAlphanumeric returning null for any character
above 0xFF which is identical to it's behavior for characters that should
not be encoded.

Original issue reported on code.google.com by schal...@darkmist.net on 9 Dec 2009 at 4:46

GoogleCodeExporter commented 9 years ago 
Fixed in revision 909

Original comment by schal...@darkmist.net on 9 Dec 2009 at 5:53