search

vidyuthd / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

Provide a taglib descriptor (.tld file) #204

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Desired behavior: the ESAPI jar should include a .tld file in META-INF (see 
http://download.oracle.com/javaee/5/tutorial/doc/bnamu.html for how to format 
this file) to make it easy to use custom JSP tags. It's possible to have 
multiple tag libraries per jar (see 
http://www.oracle.com/technology/sample_code/tutorials/tldcaching/example.html) 
but I think it probably makes sense to package all of ESAPI's tags in one 
taglib.

Without this file, you're forced to hook up the jar's tags via web.xml 
configuration.

Affected version:
2.0 rc10

Original issue reported on code.google.com by marsh...@software.mpierce.org on 2 Feb 2011 at 8:11

GoogleCodeExporter commented 9 years ago 
Here's a start on a tld file that includes all of the EL functions.

<taglib
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee web-jsptaglibrary_2_1.xsd"
        xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        version="2.1">

    <description>Security-related utilities</description>
    <tlib-version>2.0_rc10</tlib-version>
    <uri>http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</uri>
    <short-name>owasp-esapi</short-name>

    <function>
        <name>encodeForBase64</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions
        </function-class>
        <function-signature>java.lang.String encodeForBase64(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForBase64Wrap</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForBase64Wrap(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForBase64Charset</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForBase64Charset(java.lang.String, java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForBase64CharsetWrap</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForBase64CharsetWrap(java.lang.String, java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForCSS</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForCSS(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForHTML</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForHTML(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForHTMLAttribute</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForHTMLAttribute(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForJavaScript</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForJavaScript(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForURL</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForURL(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForVBScript</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForVBScript(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForXML</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForXML(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForXMLAttribute</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForXMLAttribute(java.lang.String)</function-signature>
    </function>
    <function>
        <name>encodeForXPath</name>
        <function-class>org.owasp.esapi.tags.ELEncodeFunctions</function-class>
        <function-signature>java.lang.String encodeForXPath(java.lang.String)</function-signature>
    </function>
</taglib>

Original comment by marsh...@software.mpierce.org on 3 Feb 2011 at 6:35

GoogleCodeExporter commented 9 years ago 
There is a esapi.tld that is in the src tree already. Somehow it got packaged 
with the configuration zip instead of in the jar.

Original comment by schal...@gmail.com on 20 Sep 2011 at 6:58

GoogleCodeExporter commented 9 years ago 
Is there a good reason that tld is not included in the main jar file?

Original comment by pimlo...@gmail.com on 20 Dec 2011 at 5:33