Kevin W. Wall
At line 103, of serializekiller.py, it has "t3://us-l-breens:7001" as a substring of the header. I'm thinking that "us-l-breens" substring is a copy / paste error from Stephen Breens' script and...
I think this PR could still use a lot of work, especially to be made a bit more succinct. Unfortunately, my middle name is "TL;DR", so I'm not the best...
## What is missing or needs to be updated? The current XSS Prevention Cheat Sheet is great at describing what developers _should_ do to prevent XSS vulnerabilities and that definitely...
Run 'mvn test' and observe the 3 failing tests. The question is not how to fix this, but is there an explanation of why this is the case and can...
For the branch 'develop', I intentionally left the pom.xml in a state where the default goal for the Dependency Check plugin is set to 'purge' rather than 'check'. That's just...
After a discussion with the AntiSamy team, at some point in the not too distant future, they would like to deprecate their use of the DOM parser and only support...
This is a false positive. SHA-1 is a risky algorithm, but not when it is used as an HMAC. Need to report this to GitHub. Nothing to fix here, but...
On [line 247 of HTMLValidationRule.java](https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java#L247), the 'context' argument should be added to what is logged. **Is your feature request related to a problem? Please describe.** No; but the 'context' argument...
The code example in the class Javadoc section for `org.owasp.esapi.ValidationErrorList` is incorrect. It currently looks like: ```java ValidationErrorList() errorList = new ValidationErrorList();. String name = getValidInput("Name", form.getName(), "SomeESAPIRegExName1", 255, false,...
The Javadoc for `HTTPUtilities` is atrocious. For most methods, many of the parameters are not even documented let alone described.