I am trying to prevent CRLF injection (in a URL having a few user inputs) and trying to encode the user input present in the URL. I know I can use input validation too, but if I use the ESAPI encoder, does it have any corresponding decoder? If it has, then what is it? If not, then what can be done to perform the same encoding and decoding?
1 Answer
1
As you alluded to, this is a task for input validation. The ESAPI encoders do output encoding. There are no corresponding decoders because the decoding process (to render it as safe HTML) is done via the end user's browser.

Kevin W. Wall
Thank you Kevin W. Wall @smac89, don't mind my ignorance as I am new to this. Thanks all. Cheers. – Aakash Saxena Nov 14 '16 at 13:56
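
The split the answer describes (validate on input, encode on output), sketched as an added example that is not code from the answer or from ESAPI. It uses only the Java standard library; the class name, method names, the `next` parameter and the `app.example` host are hypothetical.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class CrlfSafeUrl {
    // Decode repeatedly so %0d%0a and double-encoded %250d%250a both surface as CR/LF.
    // URLDecoder.decode throws IllegalArgumentException on a malformed %xx sequence,
    // which this strict validator treats as a rejection.
    static String canonicalize(String input) {
        String current = input;
        for (int pass = 0; pass < 5; pass++) {   // bounded number of decode passes
            String decoded = URLDecoder.decode(current, StandardCharsets.UTF_8);
            if (decoded.equals(current)) {
                return current;                  // stable: nothing left to decode
            }
            current = decoded;
        }
        throw new IllegalArgumentException("too many encoding layers");
    }

    // Input validation: reject any control character (CR, LF, NUL, ...) in the
    // fully decoded form of the value.
    static void validate(String input) {
        String canonical = canonicalize(input);
        for (int i = 0; i < canonical.length(); i++) {
            if (Character.isISOControl(canonical.charAt(i))) {
                throw new IllegalArgumentException("control character in input");
            }
        }
    }

    // Output encoding for the URL query context, applied only after validation passes.
    static String buildUrl(String base, String userValue) {
        validate(userValue);
        return base + "?next=" + URLEncoder.encode(userValue, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign, one encoded CRLF, one double-encoded CRLF.
        String[] samples = { "reports/2016 q4", "home%0d%0aSet-Cookie: x=1", "home%250d%250aX: y" };
        for (String s : samples) {
            try {
                System.out.println("OK      " + buildUrl("https://app.example/go", s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The validator checks the decoded form but encodes the original value, so a legitimate literal such as `%2F` in user input is preserved rather than silently rewritten.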