Kevin W. Wall
Keep in mind that any changes that we make in any ESAPI 2.x release need to be backward compatible, so that minimally would mean that we would have to keep...
Note that implementing issue #189 would make this unnecessary.
To be honest, if ALL you are using from ESAPI is the Encoder, you probably should switch to using the OWASP Java Encoder Project. It's a lot smaller and has...
@jtconsol If you look in HTMLEntityCodec.java, at the private 'mkCharacterToEntityMap()' method, there are 580 named references currently present, but none for \	 or &Newline;. I suspect that those are from...
@xeno6696 @jeremiahjstacey -- Do you think we should file this as a bug or as an enhancement? I could see either way really, since I don't think that the HTML5...
@jtconsol When I meant parse it from a resource I meant that we should just deploy some text file that we prepare in advance (whether from this JavaScript or manually)...
Setting this priority to **High** because running Dependency Check is one of the things that we request of anyone contributing to ESAPI via the instructions in the file "**CONTRIBUTING-TO-ESAPI.txt**".
We can copy it locally (via our pom.xml) and use it from there, but NOT at runtime. That would be considered an insecure external code reference by my secure code...
Related to GitHub issue #198. I'm not sure there is a viable solution for this because as explained in the referenced related issue, this is really a catch-22. One of...
Punting this to the 3.0 milestone when we intend on completely rewriting this. I'm not sure there is a good solution until then (see https://github.com/ESAPI/esapi-java-legacy/issues/68#issuecomment-501081474), or at least not without...