ESAPI
Validator::getValidSafeHtml does not add Exceptions to the error list parameter
From [email protected] on June 01, 2012 12:08:14
What steps will reproduce the problem? 1. define invalid HTML String 2. validate it with getValidSafeHtml passing an empty error list as a parameter 3. check the size of the error list afer What is the expected output? What do you see instead? expected: an exception in the list of error
observed: empty list What version of the product are you using? On what operating system? Java ESAPI 2.0.1, OS X 1.6 Does this issue affect only a specified browser or set of browsers? N/A Please provide any additional information below. code
ValidationErrorList errorList = new ValidationErrorList(); String badInput = "test"; System.out.println("Error list size before: "+errorList.size()); System.out.println("BAD INPUT:="+badInput); String goodOutput = validator.getValidSafeHTML("test", badInput, 255, false, errorList); System.out.println("GOOD OUTPUT:="+goodOutput); System.out.println("Error list size after: "+errorList.size());
program ouput
Error list size before: 0 BAD INPUT:=test GOOD OUTPUT:=test Error list size after: 0
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=273
