Kevin W. Wall

Results: 215 comments by Kevin W. Wall

@jackycct - I don't have time to do this, but if you are still interested, you might want to take a look at our GitHub branch '[kww-java-html-sanitizer](https://github.com/ESAPI/esapi-java-legacy/tree/kww-java-html-sanitizer)'. It is quite...

The current group of ESAPI contributors have discussed this privately amongst ourselves and concluded that some things should be left as-is because of security concerns. Were it up to me,...

This should just be some simple Javadoc additions (although, I am lowering the priority to medium; I've never seen anyone use this reference implementation, except for perhaps the old 'ESAPI...

Yes. Haven't looked at the details of this, but this one probably should have the label of "Milestone 3.0" if it doesn't already. I.e., this issue is the reason for the...

Reference to Discussion #810.

It is hard to conceive how we can easily do this without 1) a drastic re-architecture and decoupling of ESAPI, and 2) such changes are likely to impact the ESAPI...

@jeremiahjstacey **_IF_** the comments '// already logged' are incorrect, then I think at an absolute minimum we should add logging here (I'm going to suggest at '.warning' level to match...

This is planned for ESAPI 3. It is not feasible for ESAPI 2.x and we will not be fixing it there; it simply is not worth the effort. -kevin --...

@AveryRegier - A longer answer, which I think you deserve. The biggest single problem is that ESAPI 1.x and 2.x were designed and packaged as a monolithic library of security...

@xeno6696 and @jeremiahjstacey - I've already marked this for the '3.0' milestone, but I was wondering if I should just close this issue (since 2.x is as far as we...