Title: [ANeff] ER for: canonicalization in encodeFor_() functions to be configurable
Status/Resolution/Reason: To Fix//
Reporter/Name(from Bugbase): Aaron Neff / Aaron Neff (Aaron Neff)
Created: 01/10/2015
Components: Security
Versions: 11.0
Failure Type: Enhancement Request
Found In Build/Fixed In Build: CF11_Final /
Priority/Frequency: Trivial / Unknown
Locale/System: English / Platforms All
Vote Count: 0
Currently, encodeFor_(theInput, true) allows multi and mixed encodings. However, ESAPI's recommendation is: "it's safer to not accept this stuff in the first place".
This ER is for encodeFor_(theInput, true) to match the behavior of encodeFor_(canonicalize(theInput, true, true, false)), since that is more secure and matches ESAPI's recommendation.
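To make the difference concrete, here is an added example (not part of the report, and not ColdFusion's or ESAPI's code): a simplified Python model of canonicalize-then-encode with a lenient mode that decodes multiple and mixed encodings and a strict mode that rejects them. The two codecs, the function names and the choice to raise an exception on rejection are assumptions of this sketch.

```python
import html
from urllib.parse import unquote

# Decoding layers modelled here (an assumption; real canonicalizers know more codecs).
CODECS = {"percent": unquote, "html-entity": html.unescape}


class EncodingRejected(ValueError):
    """Input used multiple and/or mixed encoding and strict mode is on."""


def canonicalize(text, restrict_multiple, restrict_mixed, max_passes=10):
    """Decode until stable; raise if a restricted encoding pattern was seen."""
    codecs_seen = set()  # codecs that changed the input at least once
    passes = 0           # decoding rounds that changed the input
    for _ in range(max_passes):
        changed = False
        for name, decode in CODECS.items():
            decoded = decode(text)
            if decoded != text:
                codecs_seen.add(name)
                text, changed = decoded, True
        if not changed:
            break
        passes += 1
    else:
        raise EncodingRejected("input did not stabilise")
    if restrict_multiple and passes > 1:
        raise EncodingRejected(f"multiple encoding ({passes} layers)")
    if restrict_mixed and len(codecs_seen) > 1:
        raise EncodingRejected(f"mixed encoding ({sorted(codecs_seen)})")
    return text


def encode_for_html(text, strict):
    """Canonicalize, then HTML-encode. strict=False models the lenient behaviour."""
    return html.escape(canonicalize(text, strict, strict))


# Constructed sample inputs, all carrying the same payload "<script>".
SAMPLES = {
    "single": "%3Cscript%3E",
    "multiple": "%253Cscript%253E",
    "mixed": "%26lt%3Bscript%26gt%3B",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        try:
            print(label, "strict:", encode_for_html(raw, strict=True))
        except EncodingRejected as exc:
            print(label, "rejected:", exc, "| lenient:", encode_for_html(raw, strict=False))
```

In lenient mode all three samples come out as the same encoded string, so the extra encoding layers are silently accepted; in strict mode only the singly encoded sample is processed.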
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3918986
External Customer Info:
External Company:
External Customer Name: itisdesign
External Customer Email:
Attachments:
Comments: