
Issue with ESAPI

 
ravindra patil
Ranch Hand
Posts: 234
I am running my application with ESAPI.

Here my input contains the filepath parameter filepath=C:\box\box.xml"

I am calling the JSP using

but in the JSP, when I try to get that filepath, I get the path without the file separator, like cboxbox.xml

This is happening only with ESAPI; if I remove ESAPI it works fine.

Here is my whole code


 
Greg Charles
Sheriff
Posts: 3010
Hi Ravindra,

I added code tags to your post to make it easier to read. However, I'm still not sure what you're trying to do, and I'm vague on what problem you're seeing. Also, I don't see ESAPI at all. Can you clarify your problem a bit more?
 
ravindra patil
Ranch Hand
Posts: 234
As part of XSS input filtering I have added the following lines in web.xml with

and in catalina.bat I have set

set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:\ESAPI"
where the ESAPI folder contains the ESAPI.properties files.
As I said in my last post, my parameter filePath is not coming with the file separator. It removes "\"

 
Greg Charles
Sheriff
Posts: 3010
Oh, well, it might not be a matter of your code at all then. Windows' use of the backslash character as a file separator causes all kinds of headaches. That's because backslash generally means "escape" so it's forced to serve double-duty on Windows. You probably can fix your problem by escaping the backslash, i.e.:

set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:\\ESAPI"

Java recognizes the forward slash as a file separator even on Windows, so you can also probably do:

set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:/ESAPI"
 
ravindra patil
Ranch Hand
Posts: 234
Yes, you are correct, the issue is with the backward slash. Replacing it with a forward slash solves the problem.

Thanks a lot.
 
rahoolm raut
Greenhorn
Posts: 1
ravindra patil wrote: As part of XSS input filtering I have added the following lines in web.xml with

and in catalina.bat I have set

set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:\ESAPI"
where the ESAPI folder contains the ESAPI.properties files.
As I said in my last post, my parameter filePath is not coming with the file separator. It removes "\"



Hi Ravindra,
Could you please let me know where your web.xml is located?
Is it the one in the tomcat/conf folder?
Regards,
rahoolm
 