Thursday, February 25, 2010

OWASP ESAPI4JS project status

The ESAPI4JS project is working on a new specification for an extended client-side validation framework and has a draft of the specification up for comment now. The draft can be found at

The implementation of this framework will function as an add-on component to the core ESAPI4JS library. It's purpose is to offer a comprehensive and easy-to-use validation engine that can be used as an initial validation of simple and complex forms, or in offline applications as a means of validating user supplied information prior to storing it in persistent client-side storage. It will offer support for standard validations (required, length, range, pattern) as well as chained validators and ajax validation.

This framework is not intended to *replace* server-side validation, rather it is intended to compliment it and offer comprehensive validation with the added performance benefit of not having to cycle the information to the server for initial validation, as well as adding some level of security to what is stored in offline applications.

Please take a second to look at the specification and comment on additional features, potential issues, and ideas for changes.

Chris Schmidt


Check out OWASP ESAPI for Java

OWASP ESAPI for JavaScript

Yet Another Developers Blog

Bio and Resume


Post a Comment

Subscribe to Post Comments [Atom]

<< Home