Comments (6)
Forgot: Affects all versions until trunk
Original comment by [email protected]
on 30 Oct 2009 at 11:10
from owasp-esapi-java.
I'm working on a JavaScript version and had some thoughts on this class anyway so I'll take a look at this when I have a chance.
Thanks for the patch!
Original comment by [email protected]
on 4 Nov 2009 at 9:10
from owasp-esapi-java.
Hi,
Patrick filed a Jira at https://issues.apache.org/jira/browse/OFBIZ-3135
So we, at Apache OFBiz, are also interested in this bug.
Of course it's not high priority.
Thanks
Original comment by [email protected]
on 4 Nov 2009 at 11:24
from owasp-esapi-java.
I had a look at the patch and it works for the specific case but not the general. The patch provided checks for a match at the next character after one match. This works for the cases described but does not work for cases where two entities start with the same sequence but differ by more than one character in length. I can only find one with this issue (theta & thetasym). I'll try to put together a better fix after I get the kids to bed ;)
Original comment by [email protected]
on 6 Nov 2009 at 1:52
- Added labels: Priority-High
- Removed labels: Priority-Medium
from owasp-esapi-java.
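The limitation described in the comment above, as an added Java example that is not ESAPI code and not the submitted patch: `oneCharLookahead` is a hypothetical reading of the patch's approach, `longestMatch` is one general alternative, and the four-entry entity table (class and method names included) is constructed for the demonstration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class EntityPrefixDemo {
    // Constructed sample table: two pairs of entity names that share a prefix.
    // "sub"/"sube" differ by one character, "theta"/"thetasym" by three.
    static final Map<String, Integer> ENTITIES = new LinkedHashMap<>();
    static {
        ENTITIES.put("sub", 0x2282);
        ENTITIES.put("sube", 0x2286);
        ENTITIES.put("theta", 0x03B8);
        ENTITIES.put("thetasym", 0x03D1);
    }

    // Hypothetical reading of the patch: stop at the first matching prefix,
    // then test whether one more character also gives a match.
    static String oneCharLookahead(String s) {
        for (int len = 1; len <= s.length(); len++) {
            if (ENTITIES.containsKey(s.substring(0, len))) {
                if (len < s.length() && ENTITIES.containsKey(s.substring(0, len + 1))) {
                    return s.substring(0, len + 1);
                }
                return s.substring(0, len);
            }
        }
        return null;
    }

    // General alternative: examine every prefix and keep the longest known name.
    static String longestMatch(String s) {
        String best = null;
        for (int len = 1; len <= s.length(); len++) {
            String candidate = s.substring(0, len);
            if (ENTITIES.containsKey(candidate)) {
                best = candidate;
            }
        }
        return best;
    }

    public static void main(String[] args) {
        // Constructed inputs: the text that follows '&' in an encoded string.
        for (String in : new String[] {"sube;", "theta;", "thetasym;"}) {
            String a = oneCharLookahead(in);
            String b = longestMatch(in);
            System.out.printf("%-10s lookahead=%s (U+%04X)  longest=%s (U+%04X)%n",
                    in, a, ENTITIES.get(a), b, ENTITIES.get(b));
        }
    }
}
```

The two methods agree on `sube;` and `theta;` and differ only on `thetasym;`, where the one-character lookahead stops at `theta`.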
This should be fixed in revision 755. Please give it a try and report back if
you would.
Thanks
Original comment by [email protected]
on 6 Nov 2009 at 4:53
- Changed state: Fixed
from owasp-esapi-java.
Thank you, fix is working well
Original comment by [email protected]
on 12 Nov 2009 at 8:32
from owasp-esapi-java.