esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.

Results 112 esapi-java-legacy issues

1. When I call the API "ESAPI.validator().getValidSafeHTML" with input ``` " \n This administrative email\n is being sent to you from Rockstar Games, 622 Broadway, NY, NY 10012. If you\n...

Need 'package.html' for the following packages:

- org.owasp.esapi.codecs.ref
- org.owasp.esapi.configuration
- org.owasp.esapi.configuration.consts
- org.owasp.esapi.logging.appender
- org.owasp.esapi.logging.cleaner
- org.owasp.esapi.logging.log4j
- org.owasp.esapi.logging.slf4j
- org.owasp.esapi.reference.accesscontrol
- org.owasp.esapi.reference.accesscontrol.policyloader

And some of the links in...

Component-Docs
good first issue

I noticed a whole stream of these errors when running: mvn site. I suspect the actual bug is in FindSecBugs itself, but not sure. Not a big deal, but would...

Build-Maven

Discussed in the scope of release 2.2.3.0, we're looking to update the project to remove forks from the surefire test execution environment. Doing this should remove some scale of cross-contamination...

Build-Maven
Build-CI

As a developer, I want to use HTML Sanitizer to validate HTML content

enhancement

Way back when (perhaps ESAPI 1.4, but maybe even earlier), it seems as though the ESAPI WAF code (in the package `org.owasp.esapi.waf` and its sub-packages) was using Apache Log4J...

Component-WAF
Component-Logger
good first issue
General Code Cleanup

`^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$` should be `^[a-zA-Z0-9()\\\-=\\*\\.\\?;,+\\/:&_ ]*$`

It would be nice if: * some of the functionalities (e.g. canonicalization) would be extracted into separate maven modules so that they could be used independently and without the need...

In ESAPI version 2.2.0.0 the methods getStringProp(), getBooleanProp(), getByteArrayProp(), getIntProp() in class DefaultSecurityConfiguration will throw a NullPointerException when DefaultSecurityConfiguration is instantiated using constructor DefaultSecurityConfiguration(Properties properties) ... Properties p = new...

A new request header rolling out to Chrome stable, the `sec-ch-ua` header that is part of the [User Agent Client Hints](https://web.dev/user-agent-client-hints/), fails the [current default HTTPHeaderValue validation regex](https://github.com/ESAPI/esapi-java-legacy/blob/cf4de093ff6b24a00d2e99396522a70b895bbabf/configuration/esapi/ESAPI.properties#L480). Specifically, the...