tracker issue : CF-3131308


canonicalize throwOnError


Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Aaron Neff / Aaron Neff (Aaron Neff)

Created: 03/06/2012

Components: Security

Versions: 10.0

Failure Type: Enhancement Request

Found In Build/Fixed In Build: Public Beta / 282722

Priority/Frequency: Trivial / Unknown

Locale/System: English / Platforms All

Vote Count: 0

Consider this example: canonicalize("%2523", true, true)

Currently canonicalize() throws an ESAPI exception for bad input.  So some may not realize canonicalize() will always need to be wrapped w/in a try/catch.  The exception is understandable, b/c that is what ESAPI throws.  However, since we’re up a layer in CF, it’d be nice to just get an empty string back sometimes.

Suggestion: canonicalize(inputString, restrictMultiple, restrictMixed, throwOnError)

"throwOnError" default is true.  When false, an empty string is returned instead of an ESAPI exception.

I’m basically asking for the option to canonicalize garbage input to an empty string, instead of having to deal w/ an exception and a try/catch.  If I’m looping over input (to remove garbage), I’d like the option for it to just give me an empty string back (instead of throw an exception about it being garbage). It’s like I’m telling the function: "OK, I see it’s garbage.  Just throw it away (give me an empty string) and move on to handling the next piece of input (instead of throwing an exception)".

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3131308

External Customer Info:
External Company:  
External Customer Name: itisdesign
External Customer Email:
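
The workaround the request describes (wrapping the three-argument `canonicalize()` in a try/catch while looping over input), sketched as an added example that is not code from the reporter or from Adobe. The helper names `safeCanonicalize` and `canonicalizeAll`, the log file name, and the sample struct are assumptions made for illustration; the example also records which fields were discarded so that rejected input is still visible in logs.

```cfml
<cfscript>
// Added example: hypothetical helpers, not part of ColdFusion or ESAPI.

// Returns { value, rejected }. value is "" when canonicalize() throws, and
// the rejected flag separates "input was empty" from "input was discarded".
struct function safeCanonicalize(required string input,
                                 boolean restrictMultiple = true,
                                 boolean restrictMixed = true) {
    var result = { value = "", rejected = false };
    try {
        result.value = canonicalize(arguments.input,
                                    arguments.restrictMultiple,
                                    arguments.restrictMixed);
    } catch (any e) {
        result.rejected = true;
    }
    return result;
}

// Canonicalizes every simple value in a struct (for example the form scope)
// and keeps going when one value is rejected.
struct function canonicalizeAll(required struct inputs) {
    var clean = {};
    var rejectedKeys = [];
    var key = "";
    var r = "";
    for (key in arguments.inputs) {
        if (!isSimpleValue(arguments.inputs[key])) { continue; }
        r = safeCanonicalize(arguments.inputs[key]);
        clean[key] = r.value;
        if (r.rejected) {
            arrayAppend(rejectedKeys, key);
            // Log the field name only, not the raw value.
            writeLog(text = "canonicalize rejected field '#key#'",
                     type = "warning",
                     file = "inputValidation"); // assumed log file name
        }
    }
    return { clean = clean, rejectedKeys = rejectedKeys };
}

// Constructed sample input; "%2523" is the value used in the report.
sample = { name = "Aaron", comment = "%2523" };
out = canonicalizeAll(sample);
writeDump(out);
</cfscript>
```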



Related thread:
Comment by External U.
20313 | March 06, 2012 06:08:01 AM GMT
Too late to change function signatures now. We will consider it for the future release
Comment by Rupesh K.
20314 | March 16, 2012 12:48:42 AM GMT
Very cool Rupesh, that's understandable. Thanks!, -Aaron
Comment by External U.
20315 | March 22, 2012 11:07:27 AM GMT