Hi,

For most apps canonicalization is not really necessary, as the character stream for form-url-encoded is UTF-8 by default, as Lift uses UTF-8 by default. Oh, and the conversion from URL encoding to plain UTF-8 content is really done by the container, and when we get the params from the request object they are already well formed. Now, if we're talking about a higher level of validation, that's a different story, and IMO this is an application aspect and not so much a framework one.

Br's,
Marius

On Jun 10, 5:43 am, Oliver Lambert <[email protected]> wrote:
> Looks like I might have a requirement for implementing OWASP secure coding
> practices, as described by
>
> http://www.sans.org/reading_room/whitepapers/application/rss/appsec_p...<https://mail01.paycorp.com.au/owa/redir.aspx?C=a9af519a5b1b45909b8897...>
>
> One thing that I definitively don't do and I believe Lift doesn't do out of
> the box is Canonicalize input before validation/filtering. I was looking
> into using OWASP ESAPI <http://www.owasp.org/index.php/ESAPI> but I'm put
> off by its use of property files and system resources. Do any of you
> Canonicalize input, if so, do you use a Library? Does Lift need this
> feature, or any of the others described in the above document?
>
> cheers
> Oliver
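
An added example, not part of the original thread and not Lift or ESAPI code: a minimal canonicalize-before-validate check in Scala for a parameter the container has already URL-decoded once. The names `CanonicalizeDemo`, `MaxLayers`, `Allowed` and `accept` are hypothetical, and the allow-list is an assumed policy for a free-text field.

```scala
import java.net.URLDecoder

object CanonicalizeDemo {
  val MaxLayers = 5 // assumption: upper bound on decode rounds

  // Assumed allow-list: letters, digits, space and a little punctuation.
  // '%' is allowed, so "%3Cscript%3E" passes this check if it runs alone.
  val Allowed = """[\p{L}\p{N} %.,'+-]{1,64}""".r

  // Percent-decode until the value stops changing. Returns the stable value
  // and how many rounds changed it, or None if MaxLayers is exceeded.
  @annotation.tailrec
  def canonicalize(in: String, layers: Int = 0): Option[(String, Int)] = {
    val next =
      // '+' is protected first: URLDecoder would turn it into a space, but the
      // container has already done form decoding, so a '+' here is literal.
      try URLDecoder.decode(in.replace("+", "%2B"), "UTF-8")
      catch { case _: IllegalArgumentException => in } // stray '%': nothing to decode
    if (next == in) Some((in, layers))
    else if (layers >= MaxLayers) None
    else canonicalize(next, layers + 1)
  }

  // Strict policy: the container decoded once, so any layer still present
  // means the client encoded the value more than once. Reject, don't repair.
  def accept(param: String): Either[String, String] =
    canonicalize(param) match {
      case Some((v, 0)) if Allowed.pattern.matcher(v).matches() => Right(v)
      case Some((_, 0)) => Left("failed validation")
      case Some((_, n)) => Left(s"$n extra encoding layer(s)")
      case None         => Left("too many encoding layers")
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample values, as seen after the container's single decode.
    val samples = Seq("Oliver Lambert", "50% off", "a+b", "<b>hi</b>",
                      "%3Cscript%3E", "%253Cscript%253E")
    samples.foreach(s => println(s"$s -> ${accept(s)}"))
  }
}
```

The two encoded samples contain only allow-listed characters, so validation on its own would accept them; the layer count from canonicalization is what rejects them.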
