I am ready to use OWASP ESAPI for Java to sanitize user input when users submit forms in a Tomcat webapp.
I used org.apache.commons.lang.StringEscapeUtils as follows:
import org.apache.commons.lang.StringEscapeUtils;

// Escapes HTML special characters (&, <, >, ") so the value can be written into an HTML page.
public static String myEscapeHtml(String s)
{
    String s_escapedString = null;
    s_escapedString = StringEscapeUtils.escapeHtml(s);
    return s_escapedString;
}
I no longer know whether this is good enough to protect the webapp "reasonably"...
I would like to know what lines of code I should write in order to use OWASP ESAPI to sanitize the Tomcat webapp's user inputs.
Can you give an example in which one or more ESAPI "filters" (escaping? encoding? ...) are applied to a string to sanitize it?
The RDBMS backend is PostgreSQL.
The Tomcat server can be running on a Linux server or on a Windows server.
Thanks and best regards.