This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ESAPI HTTP Protection"
From OWASP
(New page: == Feature Overview == TODO == Possible Enhancements == * TODO * ...) |
|||
| Line 1: | Line 1: | ||
== Feature Overview == | == Feature Overview == | ||
| − | + | This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible. The wrapper returns a safe value when a validation error is detected, including stripped or empty strings. | |
| + | |||
| + | The SafeRequest class implements HttpServletRequest and seamlessly adds HTTP protection. | ||
== Possible Enhancements == | == Possible Enhancements == | ||
| − | * | + | * Jeff created this so perfectly that it does not necessitate additional enhancements. |
| − | |||
| − | |||
Latest revision as of 14:52, 11 December 2008
Feature Overview
This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible. The wrapper returns a safe value when a validation error is detected, including stripped or empty strings.
The SafeRequest class implements HttpServletRequest and seamlessly adds HTTP protection.
Possible Enhancements
- Jeff created this so perfectly that it does not necessitate additional enhancements.
