Canonicalizing "%Device%" changes the meaning of the input string

Description

From shilpi.a...@gmail.com on May 23, 2013 04:45:26

What steps will reproduce the problem?
1. Take the String "%Device%".
2. Canonicalize it using the Canonicalize method.
3. Now do EncodeForHTML or simply display the result string from Canonicalize.

What is the expected output? What do you see instead?
The output needs to be encoded for HTML; it should display as "%Device%" in the browser. Instead we see "├×vice%".

What version of the product are you using? On what operating system?
2.0rc

Does this issue affect only a specified browser or set of browsers?
all

Please provide any additional information below.
We are using these APIs heavily. Please provide an estimate fix date.

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=300
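As an added illustration (not ESAPI's code and not part of the report), the Python below mirrors the percent-decoding step that turns "%De" into the Latin-1 byte 0xDE ("Þ"), and contrasts the pattern from the report (canonicalize, then encode the result) with the defensive pattern of canonicalizing only to validate while HTML-encoding the original input for display. `percent_canonicalize` is a constructed stand-in for the real canonicalizer and is an assumption for this example.

```python
import html
import re

# Constructed stand-in for the canonicalizer's percent-decoding step: a '%'
# followed by two hex digits is decoded to the single byte they denote.
# This is NOT ESAPI's Encoder; it only reproduces the behaviour described.
_PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def percent_canonicalize(s: str) -> str:
    """Decode every %XX sequence to the Latin-1 character for byte XX.
    A '%' that is not followed by two hex digits is left untouched."""
    return _PCT.sub(lambda m: chr(int(m.group(1), 16)), s)


def canonicalization_changed(s: str) -> bool:
    """True when decoding altered the input, i.e. the string contained
    something the canonicalizer treats as an encoded sequence."""
    return percent_canonicalize(s) != s


def render_canonical_for_html(s: str) -> str:
    """The sequence from the report: canonicalize, then HTML-encode the
    *decoded* string. '%Device%' comes out as 'Þvice%'; the user's text
    has changed meaning before it ever reaches the browser."""
    return html.escape(percent_canonicalize(s), quote=True)


def render_for_html(s: str) -> str:
    """Defensive pattern: use the canonical form for validation decisions
    (here reduced to a flag the caller can inspect), but HTML-encode the
    ORIGINAL input so the browser shows exactly what the user typed."""
    # Validation would run on the canonical form, e.g. checking that the
    # decoded value matches an allow-list; the display path never uses it.
    _ = canonicalization_changed(s)
    return html.escape(s, quote=True)


if __name__ == "__main__":
    # Constructed sample input taken from the report's reproduction steps.
    sample = "%Device%"
    print("canonical      :", percent_canonicalize(sample))       # Þvice%
    print("report pattern :", render_canonical_for_html(sample))  # Þvice%
    print("safe pattern   :", render_for_html(sample))            # %Device%
```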

Environment

None

Assignee

Unassigned

Reporter

Max Gelman
