Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to use the esapi taglib as esapi.tld file is missing in the ESAPI 2.0 GA release #244

Closed
meg23 opened this issue Nov 13, 2014 · 3 comments
Closed

Unable to use the esapi taglib as esapi.tld file is missing in the ESAPI 2.0 GA release #244

meg23 opened this issue Nov 13, 2014 · 3 comments
Labels
bug imported Priority-Medium

Comments

@meg23
Copy link

meg23 commented Nov 13, 2014

From raghuvee...@gmail.com on August 05, 2011 01:53:20

What steps will reproduce the problem? 1.Try using ESAPI tags in JSP file 2. 3. What is the expected output? What do you see instead? What version of the product are you using? On what operating system? ESAPI 2.0 GA, Windows Does this issue affect only a specified browser or set of browsers? Please provide any additional information below.

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=237
@meg23
Copy link
Author

meg23 commented Nov 13, 2014

From schal...@gmail.com on September 20, 2011 12:00:05

Until this is fixed, copy the esapi.tld out of the configuration zip to your WEB-INF/tld/esapi.tld and add the following to your web.xml

    <jsp-config>
            <taglib>
                    <taglib-uri> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</taglib-uri> <taglib-location>/WEB-INF/tld/esapi.tld</taglib-location>
            </taglib>
    </jsp-config>

@meg23
Copy link
Author

meg23 commented Nov 13, 2014

From olivier.hubaut on December 13, 2013 07:32:35

The issue is still present with version 2.1
I find it surprising that such an issue is not yet solved. Especially regarding a library that is focused on security.
There is already so many ways people add security holes in there application that they should not bother fetching the correct tld from the website and put add the proper configuration.

@meg23
Copy link
Author

meg23 commented Nov 13, 2014

From lukens...@gmail.com on February 26, 2014 04:02:27

This still seems to be unresolved

@taringamberini taringamberini mentioned this issue May 3, 2015
Closed
@kwwall kwwall mentioned this issue Mar 8, 2016
Closed
@xeno6696 xeno6696 mentioned this issue May 13, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug imported Priority-Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@meg23 @xeno6696