suspicion of double encoding in referrer field - prob. false alarm #44

Closed
GoogleCodeExporter opened this issue May 20, 2015 · 4 comments


@GoogleCodeExporter

What steps will reproduce the problem?
1. Create an HTTP request where the referrer field holds a URL with an ampersand (&) for parameters.

What is the expected output? What do you see instead?
Referrer field with ampersand should be legit.
Instead, ESAPI finds it as a double encoding hacking attack.

What version of the product are you using? On what operating system?
1.4 on Unix

Please provide any additional information below.


Original issue reported on code.google.com by nada...@gmail.com on 25 Oct 2009 at 1:10

@GoogleCodeExporter

Need to check if this is still the case in 2.0 - If so it can be resolved there and
will vote on whether to release a patch to 1.4 to resolve the issue there.

Original comment by chrisisbeef on 29 Oct 2009 at 5:15

  • Added labels: Component-Logic

@GoogleCodeExporter

Additional information here would be helpful. Can you include a code sample that
illustrates your issue?

Original comment by chrisisbeef on 2 Dec 2009 at 7:29

@GoogleCodeExporter

We already addressed this in the latest enhancements to canonicalization. I'm
dropping this unless someone brings this up again.

Original comment by manico.james@gmail.com on 1 Nov 2010 at 6:00

  • Changed state: Fixed

@GoogleCodeExporter

drop +1

Original comment by chrisisbeef on 1 Nov 2010 at 7:13
