Issue 1 in owasp-java-waf: UTF-8 not supported using OWASP ESAPI

Skip to first unread message

Jun 27, 2013, 7:24:04 AM6/27/13
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 1 by UTF-8 not supported using OWASP ESAPI

Our project supports UTF-8 and after integrating with OWASP ESAPI, it is
not working. We mainly used it to fix XSS and Blind sql injection.But this
did not fix the XSS issue.
What steps will reproduce the problem?
1.Integrate OWASP ESAPI website
2.create object with UTF-8 characters
3.Junk values getting stored to DB

What is the expected output? What do you see instead?
It should store the exact value. Junk characters are getting stored

What version of the product are you using? On what operating system?
esapi_2.0, on linux

Please provide any additional information below.

The changes are done only in web.xml, pointing all the url's to the
predefined filter in ESAPI and denining some policies in waf-policy.xml.
Is there any additional changes that need to be done?


You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:

Jun 28, 2013, 12:58:16 AM6/28/13

Comment #1 on issue 1 by UTF-8 not supported using

Can I get help on this? I want to change the priority, not able to do it..
Kindly reply to this, it is a high priority one...
Reply all
Reply to author
0 new messages