Max Gelman
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 06, 2010 01:21:44_ Can you commit what you have so far, and I'll take a closer look now? **Cc:** -kevin.w.wall -planetlevel [email protected]
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 06, 2010 01:24:44_ Chris, the test is wrong. Check out his regex... Validator.HTTPParameterValue=^[\p{L}\p{N}.\-/+=_ !$*?@]{0,1000}$ ...it's allowing *. The revised regEx came AFTER he submitted unit tests....
_From [chrisisbeef](https://code.google.com/u/chrisisbeef/) on November 06, 2010 01:31:30_ These changes have only been applied to the ESAPI.properties under src/test/resources to ensure that all issues are resolved before integrating into distributed configuration....
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 06, 2010 01:35:53_ I'm reviewing this now. Thanks Chris.
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 06, 2010 01:42:42_ Chris, Those secondary tests should all fail. ("f" + i) f==fail. assertFalse(safeRequest.getParameter("f" + i).equals(request.getParameter("f" + i))); We just need a tiny cleanup here....
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 06, 2010 02:02:29_ I fixed these unit tests, please update to see. These are not complete (as in, these tests revealed other issues). I'm creating new...
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 06, 2010 02:06:53_ The allowNull issue is being tracked here : https://code.google.com/p/owasp-esapi-java/issues/detail?id=178
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 06, 2010 14:12:23_ These regexes can be simplified a bit. Specifically, in a character class, marked by [...], if '-' is the first or last character...
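An added example (not from the ESAPI code base or from any participant in this thread): the `Validator.HTTPParameterValue` pattern quoted above, run against constructed sample values to show that `*` is accepted, and that moving `-` to the end of the character class, unescaped, does not change what matches. The class name, the sample values and the `NO_ASTERISK` comparison pattern are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class ParameterWhitelistCheck {
    // Pattern quoted in the thread for Validator.HTTPParameterValue.
    static final Pattern QUOTED =
        Pattern.compile("^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$");

    // Same character set with '-' moved last, where it needs no escape.
    static final Pattern HYPHEN_LAST =
        Pattern.compile("^[\\p{L}\\p{N}./+=_ !$*?@-]{0,1000}$");

    // Hypothetical tightened variant for comparison only: '*' removed.
    static final Pattern NO_ASTERISK =
        Pattern.compile("^[\\p{L}\\p{N}./+=_ !$?@-]{0,1000}$");

    static boolean accepts(Pattern p, String value) {
        // matches() requires the whole input to fit the pattern.
        return p.matcher(value).matches();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the project's tests.
        String[] samples = {
            "plain-value_1",      // letters, digits, '-', '_'
            "a*b",                // the character the comment points at
            "user@example.org",   // '@' and '.' are in the set
            "50%",                // '%' is not in the set
            "<b>x</b>",           // markup characters are not in the set
            "na\u00efve",         // non-ASCII letter, covered by \p{L}
            ""                    // empty input, allowed by {0,1000}
        };

        System.out.printf("%-18s %-8s %-12s %-12s%n",
            "value", "quoted", "hyphen-last", "no-asterisk");
        for (String s : samples) {
            boolean quoted = accepts(QUOTED, s);
            boolean hyphenLast = accepts(HYPHEN_LAST, s);
            boolean noAsterisk = accepts(NO_ASTERISK, s);
            // The escaped and trailing hyphen forms must agree on every input.
            if (quoted != hyphenLast) {
                throw new IllegalStateException("hyphen forms disagree on: " + s);
            }
            System.out.printf("%-18s %-8b %-12b %-12b%n",
                "\"" + s + "\"", quoted, hyphenLast, noAsterisk);
        }
    }
}
```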
_From [[email protected]](https://code.google.com/u/103818224014261635312/) on November 09, 2010 15:36:36_ These changes now cause SafeRequestTest.testGetQueryStringPercent to fail. The new regex for Validator.HTTPQueryString does not include the % character: Validator.HTTPQueryString=^([a-zA-Z0-9_\-]{1,32}=[\p{L}\p{N}.\-/+=_ !$*?@]*&?)*$ if % is...
_From [[email protected]](https://code.google.com/u/[email protected]/) on November 10, 2010 00:01:00_ August, that is an excellent idea. I agree 100%. - Jim