Thursday, February 25, 2010

OWASP ESAPI4JS project status

The ESAPI4JS project is working on a new specification for an extended client-side validation framework and has a draft of the specification up for comment now. The draft can be found at


The implementation of this framework will function as an add-on component to the core ESAPI4JS library. It's purpose is to offer a comprehensive and easy-to-use validation engine that can be used as an initial validation of simple and complex forms, or in offline applications as a means of validating user supplied information prior to storing it in persistent client-side storage. It will offer support for standard validations (required, length, range, pattern) as well as chained validators and ajax validation.

This framework is not intended to *replace* server-side validation, rather it is intended to compliment it and offer comprehensive validation with the added performance benefit of not having to cycle the information to the server for initial validation, as well as adding some level of security to what is stored in offline applications.

Please take a second to look at the specification and comment on additional features, potential issues, and ideas for changes.

--
Chris Schmidt

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/

Yet Another Developers Blog
http://yet-another-dev.blogspot.com

Bio and Resume
http://www.digital-ritual.net/resume.html

No comments: