You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Encoder.AllowMultipleEncoding property in ESAPI.properties does not seem to be used anywhere. In DefaultEncoder, the canonicalize() method uses IntrusionDetector.Disable instead:
This method should use the Encoder.AllowMultipleEncoding property, with the possible addition of another property for Encoder.AllowMixedEncoding. This would allow us to handle special cases where we need to allow multiple encoding, but not mixed encoding, without disabling intrusion detection across the board for all of ESAPI.
From augu...@gmail.com on October 29, 2010 05:56:14
The Encoder.AllowMultipleEncoding property in ESAPI.properties does not seem to be used anywhere. In DefaultEncoder, the canonicalize() method uses IntrusionDetector.Disable instead:
This method should use the Encoder.AllowMultipleEncoding property, with the possible addition of another property for Encoder.AllowMixedEncoding. This would allow us to handle special cases where we need to allow multiple encoding, but not mixed encoding, without disabling intrusion detection across the board for all of ESAPI.
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=160
The text was updated successfully, but these errors were encountered: