Description
For example, if an email recipient in a webmail form is deemed to be wrong, it is useful to cite which recipient it was, since there could have been several recipients in the form.
To do this safely, the email needs to be considered untrusted, since it may contain a cross-site script (XSS).
For inspiration, have a look at how we paired untrusted inputs (should be the default) with filtering in org.bouncycastle.i18n
(if you use it, for example, in Tomcat, there are also some tricky class-loader issues that are solved by now...).
Previous discussions on this are in https://issues.apache.org/struts/browse/STR-1946
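A sketch of the behaviour requested above, added here as an illustration; it is not code from the reporter, from Struts, or from org.bouncycastle.i18n, and it does not use that package's API. The `ValidationMessages` class, the `Trusted` wrapper and `formatForHtml` are hypothetical names: every message argument is treated as untrusted and HTML-escaped by default, and only explicitly wrapped values are inserted as-is.

```java
import java.text.MessageFormat;

public class ValidationMessages {
    /** Wrapper for the few arguments the application itself vouches for (hypothetical type). */
    static final class Trusted {
        final String html;
        Trusted(String html) { this.html = html; }
    }

    /** Escapes the characters that are significant in HTML text and quoted attributes. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Fills a developer-written pattern; arguments are untrusted unless wrapped in Trusted. */
    static String formatForHtml(String pattern, Object... args) {
        Object[] safe = new Object[args.length];
        for (int i = 0; i < args.length; i++) {
            Object a = args[i];
            safe[i] = (a instanceof Trusted) ? ((Trusted) a).html
                                             : escapeHtml(String.valueOf(a));
        }
        return MessageFormat.format(pattern, safe);
    }

    public static void main(String[] args) {
        // Constructed sample input: one of several recipients typed into a webmail form.
        String badRecipient = "<script>alert(1)</script>@example.org";
        String pattern = "Recipient {0} is not a valid address (field: {1}).";
        System.out.println(formatForHtml(pattern, badRecipient, new Trusted("<b>To</b>")));
    }
}
```

The escaping shown covers HTML text and quoted attribute contexts only; a message written into JavaScript or a URL needs the encoder for that context.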