[
https://issues.apache.org/jira/browse/VALIDATOR-228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebb resolved VALIDATOR-228.
----------------------------
Resolution: Abandoned
> allow to cite the offending value if a validation fails as argument
> (Trusted-Input vs. Filter Concept)
> ------------------------------------------------------------------------------------------------------
>
> Key: VALIDATOR-228
> URL: https://issues.apache.org/jira/browse/VALIDATOR-228
> Project: Commons Validator
> Issue Type: Improvement
> Components: Framework
> Environment: any
> Reporter: Ralf Hauser
> Priority: Major
> Fix For: 2.0
>
>
> for example if an email recipient in a webmail form is deemed to be wrong, it
> is useful to cite which recipient it was since there could have been several
> recipients in the form.
> To do this safely, the email needs to be considered untrusted, since it may
> contain a cross-site-script XSS .
> For inspiration, have a look how we paired untrusted inputs (should be the
> default) with filtering in org.bouncycastle.i18n
> (if you use it for example in tomcat, there are also some tricky class-loader
> issues that are solved by now...)
> previous discussions on this are in
> https://issues.apache.org/struts/browse/STR-1946
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
