Matt Seil
A couple of bugs discovered with DefaultEncoder.getCanonicalizedURI(URI): 1) we weren't fully handling relative URLs; 2) a canonicalize call was always occurring twice, when logically the intent was to treat queries...
Per Issue #824: discovered a bug where `%2C&html=&&` should throw a MixedEncodingException but instead constructs a URL sequence of `,&html=null&=null&`. Note that this does not result in an exploitable URL string,...
### Discussed in https://github.com/ESAPI/esapi-java-legacy/discussions/823

Originally posted by **krog78** January 19, 2024

Hi, DefaultEncoder / getCanonicalizedURI returns mixed encoding for HTML special characters in query string (and does not seem to...
```java
// Place in EncoderTest
public void testESAPIPercentEncoding() {
    String input = "%E2%84%A2";
    String expected = "™";
    Encoder e = ESAPI.encoder();
    assertEquals(expected, e.canonicalize(input));
}
```

It seems that the uri encoder...
`^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$` should be `^[a-zA-Z0-9()\\\-=\\*\\.\\?;,+\\/:&_ ]*$`
The following unit test is incorrect in the baseline, but this one correctly shows that we don't properly canonicalize a mailto URL. For the record---the regex we currently use as...
```java
/**
 * Working with request parameters. If we detect
 * simple regex characters, we treat it as a regex.
 * Otherwise we treat it as a single parameter.
 */
target...
```
As a user I would like to be able to quickly renumber lines if I have to insert items in the middle
Currently, if I have five items, and decide to insert a sixth, the software doesn't renumber the lines, i.e. 1. 2. 3. 4. 5. inserting a line between 2 and...