Issue 1 in owasp-java-waf: UTF-8 not supported using OWASP ESAPI
23 views
Skip to first unread message
owasp-j...@googlecode.com
Jun 27, 2013, 7:24:04 AM6/27/13
to owasp-java-wa...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 1 by praju...@gmail.com: UTF-8 not supported using OWASP ESAPI
http://code.google.com/p/owasp-java-waf/issues/detail?id=1
Our project supports UTF-8 and after integrating with OWASP ESAPI, it is
not working. We mainly used it to fix XSS and Blind sql injection.But this
did not fix the XSS issue.
What steps will reproduce the problem?
1.Integrate OWASP ESAPI website
2.create object with UTF-8 characters
3.Junk values getting stored to DB
What is the expected output? What do you see instead?
It should store the exact value. Junk characters are getting stored
What version of the product are you using? On what operating system?
esapi_2.0, on linux
Please provide any additional information below.
The changes are done only in web.xml, pointing all the url's to the
predefined filter in ESAPI and denining some policies in waf-policy.xml.
Is there any additional changes that need to be done?
Thanks,
Prajula.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 1 by praju...@gmail.com: UTF-8 not supported using OWASP ESAPI
http://code.google.com/p/owasp-java-waf/issues/detail?id=1
Our project supports UTF-8 and after integrating with OWASP ESAPI, it is
not working. We mainly used it to fix XSS and Blind sql injection.But this
did not fix the XSS issue.
What steps will reproduce the problem?
1.Integrate OWASP ESAPI website
2.create object with UTF-8 characters
3.Junk values getting stored to DB
What is the expected output? What do you see instead?
It should store the exact value. Junk characters are getting stored
What version of the product are you using? On what operating system?
esapi_2.0, on linux
Please provide any additional information below.
The changes are done only in web.xml, pointing all the url's to the
predefined filter in ESAPI and denining some policies in waf-policy.xml.
Is there any additional changes that need to be done?
Thanks,
Prajula.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
owasp-j...@googlecode.com
Jun 28, 2013, 12:58:16 AM6/28/13
to owasp-java-wa...@googlegroups.com
Comment #1 on issue 1 by praju...@gmail.com: UTF-8 not supported using
OWASP ESAPI
http://code.google.com/p/owasp-java-waf/issues/detail?id=1
Can I get help on this? I want to change the priority, not able to do it..
Kindly reply to this, it is a high priority one...
Reply all
Reply to author
Forward
0 new messages