Open issues

ESAPI configuration files not included in dist.
ESAPILEG-340
User session just jumped from unknown to 0:0:0:0:0:0:0:1
ESAPILEG-339
EncryptedPropertiesUtils Switch for Adding Values
ESAPILEG-338
HTTPParameterValue
ESAPILEG-337
HttpParamtervalue for allowing Xml Data
ESAPILEG-336
-Log4JLogger.java doesn't output correct file & line number-Similar issue as reported in Issue 268
ESAPILEG-335
Performance
ESAPILEG-334
Regex in ESAPI.properties is not considering few of the french characters
ESAPILEG-333
logger is getting class cast exception
ESAPILEG-332
Content Security Policy - Java Servlet Filter
ESAPILEG-331
Log4j configuration with no root level causes NPE in Log4jLogger.java
ESAPILEG-330
setHeader blocks legitimate headers due to header name size limit being too low
ESAPILEG-329
AbstractAccessReferenceMap.addDirectReference not invariant
ESAPILEG-328
StringUtils.union broken which has minor impact on CSRF Protection and random file name generation
ESAPILEG-327
Construct "&" in Validator.URL is simple character class, not reference to ampersand
ESAPILEG-326
Patch for /trunk/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
ESAPILEG-325
ClassCastException on SecurityWrapperResponse
ESAPILEG-324
ClassCastException during web application redeploy due to the grift logging classes
ESAPILEG-323
RequestRateThrottleFilter may not work as expected with hits=1 or hits=2
ESAPILEG-321
Unsynchronized get method, synchronized set method
ESAPILEG-320
Incorrect lazy initialization of static field instance
ESAPILEG-319
Resource leak: FileInputStream is not closed on method exit
ESAPILEG-318
Incorrect Equality test on floating point values
ESAPILEG-317
Resource leak: This FileReader is not closed on method exit
ESAPILEG-316
Deprecate current HttpUtilities.setRememberToken() and replace with one not requiring user password
ESAPILEG-315
ValidatorTest.testIsValidDate fails if default locale is not US
ESAPILEG-314
ESAPI.properties file not being built / deployed as part of production downloads
ESAPILEG-313
Insecure default configuration for Executor.ApprovedExecutables in ESAPI.properties file
ESAPILEG-312
Crypto MAC by-pass makes default ESAPI symmetric encryption using CBC mode vulnerable to padding oracle attacks
ESAPILEG-311
Make HTMLValidationRule to look for antisamy-esapi.xml in classpaths
ESAPILEG-309
Eliminate eclipse code warnings to improve quality
ESAPILEG-308
AuthenticatedUser isCredentialsNonExpired() have todo comment, but default return false;
ESAPILEG-307
Issue with decodeFromURL method in the DefaultEncoder
ESAPILEG-306
Canonicalizing "&#37;Device&#37; changes the meaning of the input string
ESAPILEG-305
ClassCastException when using ESAPI logger
ESAPILEG-304
encodeForCSS breaks color values
ESAPILEG-303
HTMLEntityCodec destroys 32-bit CJK (Chinese, Japanese and Korean) characters
ESAPILEG-302
HTMLEntityCodec#decode incorrectly decodes upper-case accented letters as their lower-case counterparts
ESAPILEG-301
encodeForHTMLAttribute escapes the forward slash
ESAPILEG-300
non-BMP characters incorrectly encoded
ESAPILEG-299
isValidDate fails with patterns ending with "yyyy"
ESAPILEG-298
Java 7 J2EE StandardSessionFacade is not comparable
ESAPILEG-297
ClassNotFoundException: org.owasp.esapi.reference.accesscontrol.DefaultAccessController AccessController class
ESAPILEG-296
CSS and images not working with ESAPIWebApplicationFirewallFilter
ESAPILEG-295
ESAPI validator isValidRedirectLocation does not work
ESAPILEG-294
Config Error
ESAPILEG-293
Canonicalizing out of EncodeforLdap or EncodeForDN if contains specific characters like "(, ) #" etc. messes up the input.
ESAPILEG-292
jsessionid validator regex in esapi.properties not applicable to ids generated by tomcat
ESAPILEG-291
DefaultEncoder.canonicalize() Bug
ESAPILEG-290
Change ESAPI crypto to support hex-encoding of crypto keys
ESAPILEG-289

Make HTMLValidationRule to look for antisamy-esapi.xml in classpaths

Description

From d...@cfreak.net on July 12, 2013 03:54:13

I have an issue that HTMLValidationRule doesn't look for antisamy-esapi.xml in the classpath. Since I put esapi.properties in the classpath (due to our project structure), antisamy-esapi.xml fails to load.

I attached my version of HTMLValidationRule to look for antisamy.esapi.xml in classpaths (similar to esapi.properties)

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=304

Status

Assignee

Unassigned

Reporter

Max Gelman

Priority