[
https://issues.apache.org/jira/browse/VALIDATOR-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542320
]
Niall Pemberton commented on VALIDATOR-228:
-------------------------------------------
This needs someone to do the work (patch/test cases) and atm theres no sign of
that. So IMO thats probably good enough reason to punt to Valdiator2. Currently
though validator doesn't even deal with error messages, so I don't see how this
could be incorporated into Commons Validator.
> allow to cite the offending value if a validation fails as argument
> (Trusted-Input vs. Filter Concept)
> ------------------------------------------------------------------------------------------------------
>
> Key: VALIDATOR-228
> URL: https://issues.apache.org/jira/browse/VALIDATOR-228
> Project: Commons Validator
> Issue Type: Improvement
> Components: Framework
> Environment: any
> Reporter: Ralf Hauser
> Fix For: 1.4
>
>
> for example if an email recipient in a webmail form is deemed to be wrong, it
> is useful to cite which recipient it was since there could have been several
> recipients in the form.
> To do this safely, the email needs to be considered untrusted, since it may
> contain a cross-site-script XSS .
> For inspiration, have a look how we paired untrusted inputs (should be the
> default) with filtering in org.bouncycastle.i18n
> (if you use it for example in tomcat, there are also some tricky class-loader
> issues that are solved by now...)
> previous discussions on this are in
> https://issues.apache.org/struts/browse/STR-1946
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
