From d...@cfreak.net on July 12, 2013 00:56:51

some cleanup

Attachment: Also_search_for_antisamy-esapi_xml_in_classpaths.patch

I ran into this issue as well, while trying to incorporate ESAPI 2.1.0.1 in Tibco Business Works 6. I see that this is still open. The runtime environment out of the box doesn't allow me deploy configuration files seperately, so it would be really nice to get the file via the classpath

@HJW8472 There is a patch file attached. If you could download ESAPI from GitHub and apply the patch and then build a new ESAPI and test it, then I will try to get this fix into the upcoming 2.2.0.0 release. But I just just installed a new OS on my laptop and at this point, I can't even get our JUnit tests to all work correctly much less having a JavaEE app server installed that I could easily test this. (And yes, I am too lazy to write a new JUnit test and have to screw with the class path. Maybe @jeremiahjstacey feels up to that, but I don't think I'm that proficient with JUnit that I would be sure that I'm doing it correctly. So if you (@HJW8472) are interested, let me know.

Sorry for the late reply (sabattical and not using antisamy in the MVP). I see that it didn't make it into release 2.2.0.0. Is it planned for a follow up release?
And I would have to look into how to help you guys out. And I don't see clear branches in your github repo with the patch.

@HJW8472 - Two things...looks like I need to re-attach the patch file as it just links to Google Code and I think that has been long gone (unless you want to go to archive.org to dig it up). I'm pretty sure I saved all the attachments from Google Code but must have forgotten to upload a few to the appropriate issue. I will see if I can get to that tomorrow.
The second thing, if you wish to help out there are brief instructions in our project's README.md under the section "Contributing to ESAPI legacy" and more complete instructions in the file CONTRIBUTING-TO-ESAPI.txt. If you read through the latter, you see that we generally no longer use branches for new features or bug fixes on https://github.com/ESAPI/esapi-java-legacy. Rather we expect you to fork that to your personal GitHub repo, work on a branch there, and then submit a PR. If you are interested in doing that, please let me know ASAP since now that i'm finished with taxes, I plan on starting to work on the release notes for our next release, which will be 2.2.1.0 and as such was planning on announcing a code freeze RSN. (Translation: If you want to get this into the next official release, you need to get it to me very soon. Otherwise, it won't make it in until the next release which probably will be at least 6 months further out.) I will drop a new comment here when I find the patch file and upload it.

@HJW8472 - As promised, here is the patch file for this. Knock yourself out if you want this, but if you want it in the 2.2.1.0 release, I will need to see a PR soon (say, within 2 or 3 weeks).
gh-310-issue304-Also_search_for_antisamy-esapi_xml_in_classpaths.patch.txt

coding done in https://github.com/HJW8472/esapi-java-legacy/tree/issue-%23310
mvn test gives no failures
now i have to look into adding a JUnit test for classpath loading ... or not

found some bugs testing it ... fixed those ... now have to make it nice

@HJW8472 - Okay; waiting for your PR. I want to get this 2.2.1.0 release out so please don't wait too long. I plan on working on the release notes for that this weekend. (And if you want your name mentioned in them rather than simply your GitHub ID, email that to me.) The latest I will wait for your PR is the end of the month. It you don't have it in by then, it will have to wait until the next release to make it in, which may be another 6-8 months out.

PR created .. looking for your email address, but can't find it yet .... not looking in the right spot ;-)

when the new release expected with this feature ? Can't use my core jar bundled with everything ;(, have to put this file elsewhere..

@oleksiimiroshnyk and @HJW8472 - There are still code changes requested on that PR (#541). I added additional responses 9 days ago after going through the latter changes and still found some issues. My understanding was that @HJW8472 wanted us to wait for the next release until PR #541 was part of that, but if we are going to put this in a as a new feature, I want to ensure it is properly tested and I am not yet convinced that it is. Furthermore, there is no reference to the new property in src/configuration/ESAPI.properties which is where the official "production" (i.e., non-test) version of ESAPI.properties resides. Perhaps @oleksiimiroshnyk and @HJW8472 should collaborate on getting the remaining requested changes into this PR.

Closed via PR #541 after a few more revisions made after my previous May 25, 2020 comment.