commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Speakmon (JIRA)" <j...@apache.org>
Subject [jira] Commented: (VALIDATOR-228) allow to cite the offending value if a validation fails as argument (Trusted-Input vs. Filter Concept)
Date Mon, 12 Nov 2007 18:03:57 GMT

    [ https://issues.apache.org/jira/browse/VALIDATOR-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12541867
] 

Ben Speakmon commented on VALIDATOR-228:
----------------------------------------

Not sure I understand -- if you call EmailValidator.isValid() with a single email address,
you know if it's valid or not. It sounds like you want Struts to do something different. Or
am I misunderstanding?

> allow to cite the offending value if a validation fails as argument (Trusted-Input vs.
Filter Concept)
> ------------------------------------------------------------------------------------------------------
>
>                 Key: VALIDATOR-228
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-228
>             Project: Commons Validator
>          Issue Type: Improvement
>          Components: Framework
>         Environment: any
>            Reporter: Ralf Hauser
>             Fix For: 1.4
>
>
> for example if an email recipient in a webmail form is deemed to be wrong, it is useful
to cite which recipient it was since there could have been several recipients in the form.
> To do this safely, the email needs to be considered untrusted, since it may contain a
cross-site-script XSS .
> For inspiration, have a look how we paired untrusted inputs (should be the default) with
filtering in org.bouncycastle.i18n
> (if you use it for example in tomcat, there are also some tricky class-loader issues
that are solved by now...)
> previous discussions on this are in https://issues.apache.org/struts/browse/STR-1946

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message