allow to cite the offending value if a validation fails as argument
(Trusted-Input vs. Filter Concept)
------------------------------------------------------------------------------------------------------
Key: VALIDATOR-228
URL: https://issues.apache.org/jira/browse/VALIDATOR-228
Project: Commons Validator
Issue Type: Improvement
Components: Framework
Environment: any
Reporter: Ralf Hauser
Fix For: 1.4
for example if an email recipient in a webmail form is deemed to be wrong, it
is useful to cite which recipient it was since there could have been several
recipients in the form.
To do this safely, the email needs to be considered untrusted, since it may
contain a cross-site-script XSS .
For inspiration, have a look how we paired untrusted inputs (should be the
default) with filtering in org.bouncycastle.i18n
(if you use it for example in tomcat, there are also some tricky class-loader
issues that are solved by now...)
previous discussions on this are in
https://issues.apache.org/struts/browse/STR-1946
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
