[
https://issues.apache.org/jira/browse/VALIDATOR-228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Niall Pemberton updated VALIDATOR-228:
--------------------------------------
Fix Version/s: (was: 1.4)
Validator2
> allow to cite the offending value if a validation fails as argument
> (Trusted-Input vs. Filter Concept)
> ------------------------------------------------------------------------------------------------------
>
> Key: VALIDATOR-228
> URL: https://issues.apache.org/jira/browse/VALIDATOR-228
> Project: Commons Validator
> Issue Type: Improvement
> Components: Framework
> Environment: any
> Reporter: Ralf Hauser
> Fix For: Validator2
>
>
> for example if an email recipient in a webmail form is deemed to be wrong, it
> is useful to cite which recipient it was since there could have been several
> recipients in the form.
> To do this safely, the email needs to be considered untrusted, since it may
> contain a cross-site-script XSS .
> For inspiration, have a look how we paired untrusted inputs (should be the
> default) with filtering in org.bouncycastle.i18n
> (if you use it for example in tomcat, there are also some tricky class-loader
> issues that are solved by now...)
> previous discussions on this are in
> https://issues.apache.org/struts/browse/STR-1946
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
