[英]Java bean validation alternatives to OWASP ESAPI
With OWASP demoting Java ESAPI from a flagship project and all of the discussion and uncertainty revolving around the library, I'd like to see what alternatives are available. 随着OWASP从一个旗舰项目中降级Java ESAPI,并且所有的讨论和不确定性都围绕该库,我想看看有哪些替代方法可用。 I currently utilize ESAPI for input validation, HTML/JS/etc encoding and CSRF.
我目前使用ESAPI进行输入验证,HTML / JS / etc编码和CSRF。 I've looked around and found libraries such as OVal, Vlad and others, but have not found an inclusive library that handles the previous 3 items all-inclusive.
我环顾四周,发现了诸如OVal,Vlad等库,但是还没有找到一个包含所有包含前3个项目的包含库。 I'd also like it to be externally "configurable" for the rules as well if possible (as ESAPI is).
我还希望它在规则上也可以在外部“配置”(例如ESAPI)。
Do you have any recommendations to handle Java input/bean validation, HTML/JS encoding and CSRF token utilization? 您是否对处理Java输入/ bean验证,HTML / JS编码和CSRF令牌利用率有任何建议? Either open source or commercial.
开源或商业。
If you are using some of the following web frameworks, Spring MVC, Grails, Struts 1, Struts 2, JSF, take a look to HDIV 如果您使用以下某些Web框架(Spring MVC,Grails,Struts 1,Struts 2,JSF),请参阅HDIV
You can see the differece between HDIV and ESAPI features at: Difference between HDIV and ESAPI 您可以在以下位置看到HDIV和ESAPI功能之间的差异 : HDIV和ESAPI之间的差异
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.