This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

ESAPI HTTP Protection

From OWASP
Jump to: navigation, search

Feature Overview

This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible. The wrapper returns a safe value when a validation error is detected, including stripped or empty strings.

The SafeRequest class implements HttpServletRequest and seamlessly adds HTTP protection.

Possible Enhancements

  • Jeff created this so perfectly that it does not necessitate additional enhancements.
Retrieved from "https://wiki.owasp.org/index.php?title=ESAPI_HTTP_Protection&oldid=48388"