gular Expressions for Internationalized
Validation
That's an interesting approach you guys are proposing.
I did a quick proof of concept where I coded an Interceptor that uses the
Apache Commons StringEscapeUtils.escapeHtml function to update all incoming
parameter values. This seems to impl
ord what he also said about SQL injection:
> Just use PreparedStatements with '?' placeholders (or Hibernate, or some
> other library which will protect you from SQL injection attacks).
>
> [1]
> http://www.nabble.com/Using-POSIX-Regular-Expressions-for-Internationalized-Valida
gested [1].
To reword what he also said about SQL injection:
Just use PreparedStatements with '?' placeholders (or Hibernate, or some other
library which will protect you from SQL injection attacks).
[1]
http://www.nabble.com/Using-POSIX-Regular-Expressions-for-Internationalized-Validat
RegexFieldValidator
> Override validate method, do whatever you want there. This should work.
>
>
--
View this message in context:
http://www.nabble.com/Using-POSIX-Regular-Expressions-for-Internationalized-Validation-tp1
ant.com
PEOPLE :: PASSION :: EXCELLENCE
-Original Message-
From: egetchell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2008 8:02 PM
To: user@struts.apache.org
Subject: Re: Using POSIX Regular Expressions for Internationalized Validation
Greg,
Thanks for the reply.
The comm
l treat as anything other than text (i.e. it will never try to
> interpret such data as markup) and therefore you won't be vulnerable.
>
> L.
>
>
The validation strategy you cite is well and good when you *have* 'a
set of tightly constrained known good values.' It's not useful in the
general case.
Your concerns with respect to XSS should only present a problem if you
need to render untrusted HTML (such as is often the case with web-
x.php/Data_Validation#Data_Validation_Strategies
>
> Their document, as a whole, is a very interesting read.
>
>
> Greg Lindholm wrote:
>>
>> Sorry, I've never heard of whitelisting of allowable characters as being
>> a "normal" approach.
>>
>
--
View this message in context:
http://www.nabble.com/Using-POSIX-Regular-Expressions-for-Internationalized-Validation-tp19844314p19859522.html
Sent from the Struts - User mailing list archive at Nabble.com.
---
> Thanks!
>
> Eric Getchell | Sr. Technologist
>
> Distributed Logic Corporation
> 600 Unicorn Park
> Woburn, MA 01801
> Email: [EMAIL PROTECTED]
>
>
600 Unicorn Park
Woburn, MA 01801
Email: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Using-POSIX-Regular-Expressions-for-Internationalized-Validation-tp19844314p19844314.html
Sent from the Struts - User mailing list archive at Nabble.