[GeoNetwork-devel] ESAPI.properties

Hi,

in current master, there is an exception like:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in ‘org.owasp.esapi.resources’ directory or file not readable: /data/dev/gn/dev/web/ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
Not found in ‘user.home’ (/home/francois) directory: /home/francois/esapi/ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.

The file looks to be located in WEB-INF/classes. Should we move it to another location ?
What happens if this file is not loaded properly ?

Thanks.

Francois

Hi Francois

That file was added to integrate ESAPI library for some methods to cleanup html/js code to avoid XSS, but not sure if even used now in the AngularJs UI. I’ll take a look to fix the loading, as not sure if would load default settings then.

Regards,
Jose García

···

Vriendelijke groeten / Kind regards,

Jose García


Veenderweg 13
6721 WD Bennekom
The Netherlands
T: +31 (0)318 416664

Please consider the environment before printing this email.