Why to use ESAPI.validator().getValidFileContent() ? What is an invalid or corrupt file?

Question

Please tell me. I am using ESAPI for validation, escaping n all that and i have this confusion. Please share your experience.

Muhammad Imran Tariq · Answer 1 · 2012-06-26T14:02:07.733

0

You need to use its default validator org.owasp.esapi.reference.DefaultValidator class for validation. Also see this API

edited Jun 26 '12 at 14:02

answered Jun 26 '12 at 13:54

Muhammad Imran Tariq

22,654
47
125
190

Do I need to validate or do output encoding/escaping with a file needed to be written in response to nullify a possible xss attack? The file is retrieved from database in byte format. N Thanks the answer was of great help. – R.K.R Jun 27 '12 at 03:44

J Slick · Answer 2 · 2013-07-31T14:38:15.787

0

I am using ESAPI validation in two enterprise web apps. Study the docs at the OWASP ESAPI site, but the site is very disorganized, incomplete, and often has broken links.

Update: Note that, when ESAPI.properties is not loaded, org.owasp.esapi.reference.DefaultValidator handles ESAPI.validator().getValidInput(). Thus, since your custom regex in ESAPI.properties are not loaded, your validation results will vary from what was expected.

edited Jul 31 '13 at 14:38

answered Jan 31 '13 at 20:09

J Slick

929
11
17

Thanks for the help. I have already Implemented ESAPI Successfully. – R.K.R Mar 06 '13 at 12:32

Why to use ESAPI.validator().getValidFileContent() ? What is an invalid or corrupt file?

2 Answers2