Incomplete documentation in validation.properties #913

@noloader

From the discussion at "ESAPI.properties and SafeString", https://groups.google.com/a/owasp.org/g/esapi-project-users/c/Qg_Su9vl_OY/m/ATboxrdsAAAJ:

... validation.properties got
lopped-off in mid sentence

Try checking the comments in https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/test/resources/esapi/validation.properties, or if it's missing there as well, check the git history for those files.

Yes, it looks like it is missing some text. Around line 29, the
comments start discussing potential missing canonicalization, and
introduce a partial example:

// Line 29 below
# But note, when you use boolean variants of validation functions, you lose critical
# canonicalization. It is preferable to use the "get" methods (which throw exceptions)
# and use the returned user input which is in canonical form. Consider the following:
#
# try {
# someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
#
// whoops, the discussion stops there, at line 35. 
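
An added example of the difference the truncated comment describes; it is not part of the issue text, not the text missing from validation.properties, and not ESAPI project code. It assumes ESAPI is on the classpath with its stock ESAPI.properties and validation.properties (so the "Email" rule is defined); the `Account` holder, the class name and the sample input are constructed for illustration.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

public class CanonicalEmailExample {

    /** Hypothetical holder standing in for the excerpt's someObject. */
    static class Account {
        private String email;
        void setEmail(String email) { this.email = email; }
        String getEmail() { return email; }
    }

    // Boolean variant: the rule is checked against the canonicalized input,
    // but only true/false comes back, so the caller still holds the raw string.
    static void storeWithBooleanCheck(Account account, String input, int maxLength) {
        if (ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, false)) {
            account.setEmail(input); // stores the encoded form, not what was validated
        }
    }

    // "get" variant: the return value is the canonical string that passed the rule.
    static void storeWithGet(Account account, String input, int maxLength) {
        try {
            account.setEmail(
                ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, false));
        } catch (ValidationException | IntrusionException e) {
            // Reject the request; never fall back to the raw input here.
            account.setEmail(null);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a percent-encoded '@' that canonicalization decodes.
        String input = "alice%40example.com";

        Account viaBoolean = new Account();
        storeWithBooleanCheck(viaBoolean, input, 254);

        Account viaGet = new Account();
        storeWithGet(viaGet, input, 254);

        System.out.println("boolean variant stored: " + viaBoolean.getEmail());
        System.out.println("get variant stored:     " + viaGet.getEmail());
    }
}
```

Comparing the two printed values shows whether downstream code receives the encoded input or the canonical form that the rule was checked against.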
