esapi-java-legacy
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
**Is your feature request related to a problem? Please describe.** I am in a process to improve security of an application using ESAPI library. I've noticed that there is an...
After a discussion with the AntiSamy team, at some point in the not too distant future, they would like to deprecate their use of the DOM parser and only support...
This is a false positive. SHA-1 is a risky algorithm, but not when it is used as an HMac. Need to report this to GitHub. Nothing to fix here, but...
**Describe the bug** ESAPI excludes transitive dependency xalan from xom, but does not include it itself; see https://github.com/ESAPI/esapi-java-legacy/blob/develop/pom.xml#L181C22-L181C73, where it states:
> excluded because we directly import newer versions

**Specify what...
On [line 247 of HTMLValidationRule.java](https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java#L247), the 'context' argument should be added to what is logged. **Is your feature request related to a problem? Please describe.** No; but the 'context' argument...
Description: org.owasp.esapi.Logger class methods always return true irrespective of root logger level.
- isDebugEnabled()
- isErrorEnabled()
- isInfoEnabled()
- isFatalEnabled()
- isTraceEnabled()
- isWarningEnabled()

Version: **esapi-2.4.0.0**

Analysis: Since...
The code example in the class Javadoc section for `org.owasp.esapi.ValidationErrorList` is incorrect. It currently looks like: ```java ValidationErrorList() errorList = new ValidationErrorList();. String name = getValidInput("Name", form.getName(), "SomeESAPIRegExName1", 255, false,...
_From [[email protected]](https://code.google.com/u/[email protected]/) on December 31, 2010 06:54:16_ There are presently (as of ESAPI 2.0_rc10) two encoders that are LDAP-related: 1) Encoder.encodeForDN(String) 2) Encoder.encodeForLDAP(String) Neither of these seem to properly handle...
The Javadoc for `HTTPUtilities` is atrocious. For most methods, many of the parameters are not even documented let alone described.
**Describe the bug** There are many links in the ESAPI Javadoc (and probably elsewhere as well, but those are old snapshots in history so most are probably okay) where the...