Message-ID: <28745308.1194890637545.JavaMail.jira@brutus>
Date: Mon, 12 Nov 2007 10:03:57 -0800 (PST)
From: "Ben Speakmon (JIRA)"
To: issues@commons.apache.org
Subject: [jira] Commented: (VALIDATOR-228) allow to cite the offending value if a validation fails as argument (Trusted-Input vs. Filter Concept)

    [ https://issues.apache.org/jira/browse/VALIDATOR-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12541867 ]

Ben Speakmon commented on VALIDATOR-228:
----------------------------------------

Not sure I understand -- if you call EmailValidator.isValid() with a single email address, you know if it's valid or not. It sounds like you want Struts to do something different. Or am I misunderstanding?

> allow to cite the offending value if a validation fails as argument (Trusted-Input vs. Filter Concept)
> ------------------------------------------------------------------------------------------------------
>
>                 Key: VALIDATOR-228
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-228
>             Project: Commons Validator
>          Issue Type: Improvement
>          Components: Framework
>         Environment: any
>            Reporter: Ralf Hauser
>             Fix For: 1.4
>
>
> for example if an email recipient in a webmail form is deemed to be wrong, it is useful to cite which recipient it was since there could have been several recipients in the form.
> To do this safely, the email needs to be considered untrusted, since it may contain a cross-site-script XSS.
> For inspiration, have a look how we paired untrusted inputs (should be the default) with filtering in org.bouncycastle.i18n
> (if you use it for example in tomcat, there are also some tricky class-loader issues that are solved by now...)
> previous discussions on this are in https://issues.apache.org/struts/browse/STR-1946

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
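
One way to cite the offending recipient safely, as an added example that is not part of the thread above and is not Commons Validator or Struts code: each address is checked on its own with `EmailValidator.getInstance().isValid()`, and a rejected value is treated as untrusted and HTML-encoded before it is placed in the error message. The class `RecipientCheck`, its methods, the length cap and the sample input are hypothetical, and the recipient field is assumed to be a simple comma- or semicolon-separated list.

```java
import java.util.ArrayList;
import java.util.List;
// EmailValidator from the routines package of Commons Validator 1.4 and later.
import org.apache.commons.validator.routines.EmailValidator;

// Added illustration; RecipientCheck and its methods are hypothetical names.
public class RecipientCheck {

    private static final int MAX_ECHO = 64; // cap on how much rejected input is echoed back

    // Encode the characters that are significant in HTML text and quoted attribute values.
    static String escapeHtml(String untrusted) {
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Validate each recipient separately so the message can name the one that failed.
    static List<String> errorsFor(String recipientField) {
        EmailValidator validator = EmailValidator.getInstance();
        List<String> errors = new ArrayList<>();
        for (String raw : recipientField.split("[,;]")) {
            String candidate = raw.trim();
            if (candidate.isEmpty() || validator.isValid(candidate)) {
                continue;
            }
            // Truncate first, then encode, so an entity is never cut in half.
            String shown = candidate.length() > MAX_ECHO
                    ? candidate.substring(0, MAX_ECHO) + "..." : candidate;
            errors.add("Invalid recipient: \"" + escapeHtml(shown) + "\"");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample input: one valid address, one carrying markup.
        String field = "alice@example.org, <script>alert(1)</script>@example.org";
        errorsFor(field).forEach(System.out::println);
    }
}
```

The encoding here fits HTML body text and quoted attribute values; a rejected value written into JavaScript, a URL or another output context needs the encoder for that context.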