Description
From rpal...@gmail.com on May 21, 2009 12:51:27
What steps will reproduce the problem?
1. Call the DefaultEncoder constructor with a List of Codecs as parameter and
pass a list containing a customized JavaScriptCodec that implements the Codec
interface.
2. Then call the encodeForJavascript method and pass a string.
3. The encoding performed on the string is the default encoding and not the
intended custom encoding as per the codec object passed in the codecs list
that is passed to the constructor.

What is the expected output? What do you see instead?
The encoding should be done as per the customized encodeCharacter method
but it is done using the default encodeCharacter method (belonging to the
org.owasp.esapi.codecs.JavaScriptCodec class).

What version of the product are you using? On what operating system?
Using owasp-esapi-full-java-1.4.jar, Windows XP.

Please provide any additional information below.
I saw the DefaultEncoder code and in the DefaultEncoder(List list) at line
70, I see that the codecs member is being updated but then the private Codec
variables are not being updated with the ones that are contained in the codec
list.

Fix in my opinion:
I think the codec list should be looped through and, based on the codec
objects contained, the corresponding private codec members should be
updated. For example: if the codecs list passed has a JavaScriptCodec object,
the private member javaScriptCodec should be updated with the object in
the codecs list so that eventually its encodeCharacter will be called
instead of the method from the default value (to the
org.owasp.esapi.codecs.JavaScriptCodec class).
Attachment: DefaultEncoder.java
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=16
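
A simplified Java model of the behaviour reported above and of the fix the reporter proposes, added here as an example; it is not ESAPI source code. `Codec`, `JsCodec`, `CustomJsCodec`, `SketchEncoder` and the `applyFix` flag are hypothetical stand-ins, and the custom codec is assumed to subclass the default JavaScript codec so the constructor can recognise it.

```java
import java.util.List;

public class CodecOverrideDemo {
    // Hypothetical minimal codec contract (stand-in, not the ESAPI interface).
    interface Codec { String encodeCharacter(char c); }

    // Stand-in for the library's default JavaScript codec: \xHH escapes.
    static class JsCodec implements Codec {
        public String encodeCharacter(char c) {
            return Character.isLetterOrDigit(c) ? String.valueOf(c)
                                                : String.format("\\x%02X", (int) c);
        }
    }

    // Constructed custom codec: the caller wants \uHHHH escapes instead.
    static class CustomJsCodec extends JsCodec {
        @Override public String encodeCharacter(char c) {
            return Character.isLetterOrDigit(c) ? String.valueOf(c)
                                                : String.format("\\u%04X", (int) c);
        }
    }

    static class SketchEncoder {
        private final List<Codec> codecs;               // stored, as in the report
        private Codec javaScriptCodec = new JsCodec();  // default field value

        SketchEncoder(List<Codec> codecs, boolean applyFix) {
            this.codecs = codecs;  // reported behaviour: the constructor stops here
            if (applyFix) {        // proposed fix: sync the private field with the list
                for (Codec c : this.codecs) {
                    if (c instanceof JsCodec) javaScriptCodec = c;
                }
            }
        }

        String encodeForJavascript(String input) {
            StringBuilder sb = new StringBuilder();
            for (char ch : input.toCharArray()) sb.append(javaScriptCodec.encodeCharacter(ch));
            return sb.toString();
        }
    }

    public static void main(String[] args) {
        List<Codec> custom = List.of(new CustomJsCodec());
        String in = "a<b";  // constructed sample input
        // First line: custom codec silently ignored. Second line: custom codec applied.
        System.out.println(new SketchEncoder(custom, false).encodeForJavascript(in));
        System.out.println(new SketchEncoder(custom, true).encodeForJavascript(in));
    }
}
```

The first call is the failure mode that matters for security review: the caller believes a stricter or context-specific encoding is in force, while output is still produced by the default codec with no error raised.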