allow to cite the offending value if a validation fails as argument (Trusted-Input vs. Filter Concept) ------------------------------------------------------------------------------------------------------
Key: VALIDATOR-228 URL: https://issues.apache.org/jira/browse/VALIDATOR-228 Project: Commons Validator Issue Type: Improvement Components: Framework Environment: any Reporter: Ralf Hauser Fix For: 1.4 for example if an email recipient in a webmail form is deemed to be wrong, it is useful to cite which recipient it was since there could have been several recipients in the form. To do this safely, the email needs to be considered untrusted, since it may contain a cross-site-script XSS . For inspiration, have a look how we paired untrusted inputs (should be the default) with filtering in org.bouncycastle.i18n (if you use it for example in tomcat, there are also some tricky class-loader issues that are solved by now...) previous discussions on this are in https://issues.apache.org/struts/browse/STR-1946 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]