New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make HTMLValidationRule to look for antisamy-esapi.xml in classpaths #310
Comments
From d...@cfreak.net on July 12, 2013 00:56:51 some cleanup Attachment: Also_search_for_antisamy-esapi_xml_in_classpaths.patch |
I ran into this issue as well, while trying to incorporate ESAPI 2.1.0.1 in Tibco Business Works 6. I see that this is still open. The runtime environment out of the box doesn't allow me deploy configuration files seperately, so it would be really nice to get the file via the classpath |
@HJW8472 There is a patch file attached. If you could download ESAPI from GitHub and apply the patch and then build a new ESAPI and test it, then I will try to get this fix into the upcoming 2.2.0.0 release. But I just just installed a new OS on my laptop and at this point, I can't even get our JUnit tests to all work correctly much less having a JavaEE app server installed that I could easily test this. (And yes, I am too lazy to write a new JUnit test and have to screw with the class path. Maybe @jeremiahjstacey feels up to that, but I don't think I'm that proficient with JUnit that I would be sure that I'm doing it correctly. So if you (@HJW8472) are interested, let me know. |
Sorry for the late reply (sabattical and not using antisamy in the MVP). I see that it didn't make it into release 2.2.0.0. Is it planned for a follow up release? |
@HJW8472 - Two things...looks like I need to re-attach the patch file as it just links to Google Code and I think that has been long gone (unless you want to go to archive.org to dig it up). I'm pretty sure I saved all the attachments from Google Code but must have forgotten to upload a few to the appropriate issue. I will see if I can get to that tomorrow. |
@HJW8472 - As promised, here is the patch file for this. Knock yourself out if you want this, but if you want it in the 2.2.1.0 release, I will need to see a PR soon (say, within 2 or 3 weeks). |
coding done in https://github.com/HJW8472/esapi-java-legacy/tree/issue-%23310 |
found some bugs testing it ... fixed those ... now have to make it nice |
@HJW8472 - Okay; waiting for your PR. I want to get this 2.2.1.0 release out so please don't wait too long. I plan on working on the release notes for that this weekend. (And if you want your name mentioned in them rather than simply your GitHub ID, email that to me.) The latest I will wait for your PR is the end of the month. It you don't have it in by then, it will have to wait until the next release to make it in, which may be another 6-8 months out. |
PR created .. looking for your email address, but can't find it yet .... not looking in the right spot ;-) |
issue-ESAPI#310-fixed-review-comments
when the new release expected with this feature ? Can't use my core jar bundled with everything ;(, have to put this file elsewhere.. |
@oleksiimiroshnyk and @HJW8472 - There are still code changes requested on that PR (#541). I added additional responses 9 days ago after going through the latter changes and still found some issues. My understanding was that @HJW8472 wanted us to wait for the next release until PR #541 was part of that, but if we are going to put this in a as a new feature, I want to ensure it is properly tested and I am not yet convinced that it is. Furthermore, there is no reference to the new property in src/configuration/ESAPI.properties which is where the official "production" (i.e., non-test) version of ESAPI.properties resides. Perhaps @oleksiimiroshnyk and @HJW8472 should collaborate on getting the remaining requested changes into this PR. |
Closed via PR #541 after a few more revisions made after my previous May 25, 2020 comment. |
From d...@cfreak.net on July 12, 2013 03:54:13
I have an issue that HTMLValidationRule doesn't look for antisamy-esapi.xml in the classpath. Since I put esapi.properties in the classpath (due to our project structure), antisamy-esapi.xml fails to load.
I attached my version of HTMLValidationRule to look for antisamy.esapi.xml in classpaths (similar to esapi.properties)
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=304
The text was updated successfully, but these errors were encountered: