Difference between revisions of "ESAPI HTTP Protection"

From OWASP
Jump to: navigation, search
(New page: == Feature Overview == TODO == Possible Enhancements == * TODO * ...)
 
 
Line 1: Line 1:
 
== Feature Overview ==
 
== Feature Overview ==
  
TODO
+
This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible. The wrapper returns a safe value when a validation error is detected, including stripped or empty strings.
  
== Possible Enhancements ==
+
The SafeRequest class implements HttpServletRequest and seamlessly adds HTTP protection.
  
* TODO
+
== Possible Enhancements ==
  
* ...
+
* Jeff created this so perfectly that it does not necessitate additional enhancements.

Latest revision as of 09:52, 11 December 2008

Feature Overview

This request wrapper simply overrides unsafe methods in the HttpServletRequest API with safe versions that return canonicalized data where possible. The wrapper returns a safe value when a validation error is detected, including stripped or empty strings.

The SafeRequest class implements HttpServletRequest and seamlessly adds HTTP protection.

Possible Enhancements

  • Jeff created this so perfectly that it does not necessitate additional enhancements.