encodeForCSS breaks color values

Description

From sendtom...@gmail.com on April 20, 2013 11:33:38

What steps will reproduce the problem?
1. String color = "#FF00FF";
2. <style> h1{ background-color: <%=Encoder.encodeForCSS(color)%> } </style>

What is the expected output? What do you see instead?
<style> h1{ background-color: #FF00FF } </style>

What version of the product are you using? On what operating system?
ESAPI-1.4.4

Does this issue affect only a specified browser or set of browsers?
All browsers.

Please provide any additional information below.
encodeForCSS will change # to \23, so the user input color is not set on my h1 tag.

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=298
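The behaviour reported above, reproduced in an added example that is not part of the original issue or of ESAPI's code: an escaped "#" is read by the CSS parser as part of an identifier, not as the start of a hex color, so a color value is better checked against an allowlist than escaped. The class name, `escapeForCss` (a simplified stand-in for the encoder) and `safeColor` are assumptions made for this illustration.

```java
import java.util.regex.Pattern;

public class CssColorDemo {
    // Hypothetical stand-in for a CSS escaper: every non-alphanumeric character
    // becomes a backslash plus its hex code point, so '#' becomes \23.
    // NOT ESAPI's implementation, only the behaviour the report describes.
    static String escapeForCss(String input) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < input.length(); ) {
            int cp = input.codePointAt(i);
            i += Character.charCount(cp);
            boolean alnum = (cp >= '0' && cp <= '9')
                    || (cp >= 'A' && cp <= 'Z') || (cp >= 'a' && cp <= 'z');
            if (alnum) {
                out.appendCodePoint(cp);
            } else {
                // The trailing space ends the escape so that hex digits
                // following it are not read as part of the code point.
                out.append('\\').append(Integer.toHexString(cp)).append(' ');
            }
        }
        return out.toString();
    }

    // Allowlist for hex colors: #RGB or #RRGGBB and nothing else.
    private static final Pattern HEX_COLOR =
            Pattern.compile("#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})");

    // Returns the untrusted value only if it is a plain hex color,
    // otherwise the caller-supplied fallback.
    static String safeColor(String untrusted, String fallback) {
        if (untrusted != null && HEX_COLOR.matcher(untrusted).matches()) {
            return untrusted;
        }
        return fallback;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = { "#FF00FF", "#f0f", "#FF00FF } body { display: none" };
        for (String s : samples) {
            System.out.println("input:     " + s);
            System.out.println("escaped:   " + escapeForCss(s));
            System.out.println("validated: " + safeColor(s, "#000000"));
        }
    }
}
```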

Environment

None

Status

Assignee

Unassigned

Reporter

Max Gelman

Priority
