Oh, and about XSS: Lift is safe by default.

Marius

On Jun 10, 9:39 am, "marius d." <marius.dan...@gmail.com> wrote:
> Hi,
>
> For most apps canonicalization is not really necessary as the
> character stream for form-url-encoded is UTF-8 by default as Lift uses
> UTF-8 by default. Oh, and the conversion from URL encoding to plain
> UTF-8 content is really done by the container, and when we get the params
> from the request object they are already well formed. Now if we're
> talking about a higher level of validation that's a different story,
> and IMO this is an application aspect and not so much a framework one.
>
> Br's,
> Marius
>
> On Jun 10, 5:43 am, Oliver Lambert <olambo...@gmail.com> wrote:
>
> > Looks like I might have a requirement for implementing OWASP secure coding
> > practices, as described by
> > http://www.sans.org/reading_room/whitepapers/application/rss/appsec_p... <https://mail01.paycorp.com.au/owa/redir.aspx?C=a9af519a5b1b45909b8897...>
>
> > One thing that I definitively don't do and I believe Lift doesn't do out of
> > the box is canonicalize input before validation/filtering. I was looking
> > into using OWASP ESAPI <http://www.owasp.org/index.php/ESAPI> but I'm put
> > off by its use of property files and system resources. Do any of you
> > canonicalize input, if so, do you use a library? Does Lift
> > need this feature, or any of the others described in the above document?
>
> > cheers
> > Oliver
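
The canonicalize-before-validate step Oliver asks about, applied to a parameter the container has already URL-decoded once, as Marius describes. This is an added example, not part of the original thread and not Lift or ESAPI code; `CanonicalInput`, `canonicalize`, `validateUsername` and the username allowlist are assumptions, the sample values are constructed, and it targets Scala 2.12 or later.

```scala
import java.net.URLDecoder
import scala.annotation.tailrec

object CanonicalInput {
  private val MaxPasses = 4                          // assumed nesting limit
  private val Username = "^[A-Za-z0-9_.-]{3,32}$".r  // assumed allowlist

  // One percent-decoding pass. '+' is protected first because URLDecoder
  // would otherwise turn it into a space. A value containing a malformed
  // escape is returned unchanged and left for validation to reject.
  private def decodeOnce(s: String): String =
    try URLDecoder.decode(s.replace("+", "%2B"), "UTF-8")
    catch { case _: IllegalArgumentException => s }

  // Decode until the value stops changing.
  // Returns the canonical form and the number of passes that changed it.
  def canonicalize(param: String): Either[String, (String, Int)] = {
    @tailrec
    def loop(cur: String, passes: Int): Either[String, (String, Int)] = {
      val next = decodeOnce(cur)
      if (next == cur) Right((cur, passes))
      else if (passes == MaxPasses) Left("encoding nested too deeply")
      else loop(next, passes + 1)
    }
    loop(param, 0)
  }

  // The allowlist check only ever sees the canonical form. A value that
  // still decodes after the container's own pass was encoded more than
  // once by the client and is rejected outright.
  def validateUsername(param: String): Either[String, String] =
    canonicalize(param).flatMap {
      case (_, passes) if passes > 0 =>
        Left(s"still encoded after container decoding ($passes extra pass(es))")
      case (value, _) if Username.pattern.matcher(value).matches => Right(value)
      case _ => Left("not a valid username")
    }

  def main(args: Array[String]): Unit = {
    // Constructed samples: values as the request object would hand them over.
    Seq("oliver_l", "<b>", "%3Cb%3E", "%253Cb%253E", "100%").foreach { p =>
      println(s"$p -> ${validateUsername(p)}")
    }
  }
}
```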