This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ESAPI HTTP Protection"
From OWASP
(New page: == Feature Overview == TODO == Possible Enhancements == * TODO * ...) |
|||
Line 1: | Line 1: | ||
== Feature Overview == | == Feature Overview == | ||
− | + | This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible. The wrapper returns a safe value when a validation error is detected, including stripped or empty strings. | |
+ | |||
+ | The SafeRequest class implements HttpServletRequest and seamlessly adds HTTP protection. | ||
== Possible Enhancements == | == Possible Enhancements == | ||
− | * | + | * Jeff created this so perfectly that it does not necessitate additional enhancements. |
− | |||
− |
Latest revision as of 14:52, 11 December 2008
Feature Overview
This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible. The wrapper returns a safe value when a validation error is detected, including stripped or empty strings.
The SafeRequest class implements HttpServletRequest and seamlessly adds HTTP protection.
Possible Enhancements
- Jeff created this so perfectly that it does not necessitate additional enhancements.