ESAPI HTTP Protection

From OWASP
Revision as of 14:52, 11 December 2008 by Jmanico (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Feature Overview

This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible. The wrapper returns a safe value when a validation error is detected, including stripped or empty strings.

The SafeRequest class implements HttpServletRequest and seamlessly adds HTTP protection.

Possible Enhancements

  • Jeff created this so perfectly that it does not necessitate additional enhancements.
Retrieved from "https://wiki.owasp.org/index.php?title=ESAPI_HTTP_Protection&oldid=48388"