Status/Resolution/Reason: Closed/Fixed/
Reporter/Name(from Bugbase): Aaron Neff / Aaron Neff (Aaron Neff)
Created: 03/06/2012
Components: Security
Versions: 10.0
Failure Type: Enhancement Request
Found In Build/Fixed In Build: Public Beta / 282722
Priority/Frequency: Trivial / Unknown
Locale/System: English / Platforms All
Vote Count: 0
Consider this example: canonicalize("%2523", true, true)
Currently canonicalize() throws an ESAPI exception for bad input. So some may not realize canonicalize() will always need to be wrapped w/in a try/catch. The exception is understandable, b/c that is what ESAPI throws. However, since we’re up a layer in CF, it’d be nice to just get an empty string back sometimes.
Suggestion: canonicalize(inputString, restrictMultiple, restrictMixed, throwOnError)
"throwOnError" default is true. When false, an empty string is returned instead of an ESAPI exception.
I’m basically asking for the option to canonicalize garbage input to an empty string, instead of having to deal w/ an exception and a try/catch. If I’m looping over input (to remove garbage), I’d like the option for it to just give me an empty string back (instead of throwing an exception about it being garbage). It’s like I’m telling the function: "OK, I see it’s garbage. Just throw it away (give me an empty string) and move on to handling the next piece of input (instead of throwing an exception)".
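The behaviour requested above can be had with the three-argument call by wrapping it in a helper that also records what was rejected, so the discarded input still leaves a trace. This is an added example, not code from the report or from Adobe; canonicalizeOrEmpty(), cleanStruct(), the log file name and the sample struct are assumptions.

```cfml
<cfscript>
// Hypothetical helper: returns "" when canonicalize() throws, instead of
// letting the exception reach the caller.
function canonicalizeOrEmpty(required string inputString,
                             boolean restrictMultiple = true,
                             boolean restrictMixed = true) {
    try {
        return canonicalize(arguments.inputString,
                            arguments.restrictMultiple,
                            arguments.restrictMixed);
    } catch (any e) {
        // Throw the value away, but log that a rejection happened so that
        // repeated bad input remains visible to whoever reviews the logs.
        // "canonicalize_rejects" is an assumed log file name.
        writeLog(text = "canonicalize() rejected input: " & e.message,
                 type = "warning",
                 file = "canonicalize_rejects");
        return "";
    }
}

// Hypothetical helper: canonicalizes every simple value in a struct
// (for example a copy of the form or url scope) and returns a new struct.
// Non-simple values (arrays, nested structs) are left out of the result.
function cleanStruct(required struct data) {
    var result = {};
    var key = "";
    for (key in arguments.data) {
        if (isSimpleValue(arguments.data[key])) {
            result[key] = canonicalizeOrEmpty(arguments.data[key]);
        }
    }
    return result;
}

// Constructed sample input; "%2523" is the value used in the report.
sample = { name = "Aaron", comment = "%2523" };
cleaned = cleanStruct(sample);
writeDump(cleaned);
</cfscript>
```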
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3131308
External Customer Info:
External Company:
External Customer Name: itisdesign
External Customer Email:
Attachments:
Comments: