Closed GoogleCodeExporter closed 8 years ago
I tried to work around this a couple different ways.
First I tried to implement HTTPUtilities, so I could provide isValidHTTPRequest
with
the original HTTPServletRequest. This didn't work because
HTTPUtilities.getCurrentRequest needs to return a SafeRequest. So, I extended
SafeRequest in a way that forwards all calls to the original request, without
sanitizing the data. Technically this works, but it's kinda fighting the API.
Two solutions came to mind
1) Add isValidHTTPRequest that takes a request passed in. The filter can pass
in the
original request and bypass the SafeRequest sanitizing code.
2) Change HTTPUtilities.getCurrentRequest to return an HTTPServletRequest.
This way,
I can extend HTTPUtilities and not wrap the request in a safe request.
Original comment by Calico...@gmail.com
on 15 Jan 2009 at 4:14
We've implemented option 1 in the new Validator
Original comment by planetlevel
on 12 May 2009 at 2:10
Original issue reported on code.google.com by
Calico...@gmail.com
on 15 Jan 2009 at 3:59