Issue 1 in owasp-java-waf: UTF-8 not supported using OWASP ESAPI

23 views
Skip to first unread message

owasp-j...@googlecode.com

unread,
Jun 27, 2013, 7:24:04 AM6/27/13
to owasp-java-wa...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 1 by praju...@gmail.com: UTF-8 not supported using OWASP ESAPI
http://code.google.com/p/owasp-java-waf/issues/detail?id=1

Our project supports UTF-8 and after integrating with OWASP ESAPI, it is
not working. We mainly used it to fix XSS and Blind sql injection.But this
did not fix the XSS issue.
What steps will reproduce the problem?
1.Integrate OWASP ESAPI website
2.create object with UTF-8 characters
3.Junk values getting stored to DB

What is the expected output? What do you see instead?
It should store the exact value. Junk characters are getting stored

What version of the product are you using? On what operating system?
esapi_2.0, on linux

Please provide any additional information below.

The changes are done only in web.xml, pointing all the url's to the
predefined filter in ESAPI and denining some policies in waf-policy.xml.
Is there any additional changes that need to be done?

Thanks,
Prajula.



--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

owasp-j...@googlecode.com

unread,
Jun 28, 2013, 12:58:16 AM6/28/13
to owasp-java-wa...@googlegroups.com

Comment #1 on issue 1 by praju...@gmail.com: UTF-8 not supported using
OWASP ESAPI
http://code.google.com/p/owasp-java-waf/issues/detail?id=1

Can I get help on this? I want to change the priority, not able to do it..
Kindly reply to this, it is a high priority one...
Reply all
Reply to author
Forward
0 new messages