Closed GoogleCodeExporter closed 8 years ago
You need to modify the regex for HTTPParameterValue to include the @ symbol. In
ESAPI.properties, change this line:
Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=_ ]*$
To:
Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
An even better approach would be to validate the "email" parameter against an
email-specific regular expression.
DEVELOPERS: Should we add the @ symbol to HTTPParameterValue by default?
Original comment by augu...@gmail.com
on 28 Sep 2010 at 7:45
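The trade-off raised in the comment above, as an added example that is not code from this thread or from the ESAPI project: it loads the two `HTTPParameterValue` lines through `java.util.Properties` (which turns each `\\` in the file into a single `\` in the regex) and compares them with an email-specific pattern on constructed inputs. The keys `before`, `after` and `email`, and the email pattern itself, are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Pattern;

public class ParameterValueRegexDemo {
    // Constructed properties text: the two HTTPParameterValue patterns quoted in
    // this thread under hypothetical keys, plus an illustrative email pattern.
    // Java string escaping doubles every backslash of the file text once more.
    static final String PROPS =
          "before=^[a-zA-Z0-9.\\\\-\\\\/+=_ ]*$\n"
        + "after=^[a-zA-Z0-9.\\\\-\\\\/+=@_ ]*$\n"
        + "email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\\\.[A-Za-z]{2,}$\n";

    public static void main(String[] args) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(PROPS)); // "\\" in the file becomes "\" in the regex

        String[] names = {"before", "after", "email"};
        // Constructed sample inputs.
        String[] inputs = {
            "hello@world.com",    // the value from this issue
            "plain value 42",     // ordinary parameter value
            "@@ not an address",  // passes the widened whitelist only
            "<script>"            // rejected by every pattern
        };

        // Show the regexes as the validator would actually see them.
        for (String name : names) {
            System.out.printf("%-6s -> %s%n", name, p.getProperty(name));
        }

        // One row per input, one column per pattern.
        for (String input : inputs) {
            StringBuilder row = new StringBuilder(String.format("%-20s", input));
            for (String name : names) {
                boolean ok = Pattern.compile(p.getProperty(name)).matcher(input).matches();
                row.append(String.format(" %s=%-5b", name, ok));
            }
            System.out.println(row);
        }
    }
}
```

Adding `@` to the generic whitelist admits the email address, but it also admits any other string built from the allowed characters, which is why a type-specific pattern for the "email" parameter is the tighter check.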
You are referring
Original comment by manico.james@gmail.com
on 28 Sep 2010 at 9:00
thanks a lot :)
Original comment by tejas.ma...@gmail.com
on 30 Sep 2010 at 4:35
August, let's make this change - it should be in there by default.
Original comment by manico.james@gmail.com
on 2 Nov 2010 at 8:07
[deleted comment]
Simple 1 char change (this time in both esapi.properties files) as recommended
above - attached patch, but probably easier just to make the change yourselves.
Original comment by jtmel...@gmail.com
on 3 Nov 2010 at 3:45
Checked in to SVN as revision #1638
Original comment by augu...@gmail.com
on 4 Nov 2010 at 12:18
Added a few unit tests to ensure fix functions properly.
Original comment by jtmel...@gmail.com
on 4 Nov 2010 at 2:48
Hi All,
I need some help regarding the implementation of ESAPI in Java. When I provide an input such as
instance.isValidInput("test", "hello@world.com", "Email", 100, false)
it throws the following error on the console:
WARNING: SECURITY-FAILURE Anonymous@unknown:unknown -- Invalid input:
context=test, type=Email( Email), input=hello@world.com
ValidationException @ org.owasp.esapi.reference.DefaultValidator.getValidInput(null:-1)
false
When I use this as input in my source code:
getValidInput("test", "hello12@world.com", "Email", 100, false)
I get the following error:
Jun 22, 2011 11:34:16 AM AppNameNotSpecified IntrusionDetector
WARNING: SECURITY-FAILURE Anonymous@unknown:unknown -- Invalid input:
context=test, type=Email( Email), input=hello12@world.com
ValidationException @ org.owasp.esapi.reference.DefaultValidator.getValidInput(null:-1)
org.owasp.esapi.errors.ValidationException: test: Invalid input. Please conform
to: Email with a maximum length of 100
at org.owasp.esapi.reference.DefaultValidator.getValidInput(Unknown Source)
at Esapi.testIsValidEmail(Esapi.java:38)
at Esapi.main(Esapi.java:49)
Can anyone please make a suggestion about the above errors?
Appreciate your help!
Original comment by arjunpro...@gmail.com
on 22 Jun 2011 at 6:45
Original issue reported on code.google.com by
tejas.ma...@gmail.com
on 28 Sep 2010 at 9:34