Yes, it looks like it is missing some text. Around line 29, the
comments start discussing potential missing canonicalization, and
introduces a partial example:
// Line 29 below
# But note, when you use boolean variants of validation functions, you lose critical
# canonicalization. It is preferable to use the "get" methods (which throw exceptions)
# and use the returned user input which is in canonical form. Consider the following:
#
# try {
# someObject.setEmail(ESAPI.validator().getValidInput("User Email",
input, "Email", maxLength, allowNull));
#
// whoops, the discussion stops there, at line 35.
From the discussion at "ESAPI.properties and SafeString", https://groups.google.com/a/owasp.org/g/esapi-project-users/c/Qg_Su9vl_OY/m/ATboxrdsAAAJ:
Yes, it looks like it is missing some text. Around line 29, the
comments start discussing potential missing canonicalization, and
introduces a partial example: