From 776409fbd89fba6ae19591e9bc23bc658e513316 Mon Sep 17 00:00:00 2001
From: Matt Gifford <me@mattgifford.co.uk>
Date: Mon, 22 Oct 2012 13:26:44 +0100
Subject: [PATCH] Added canonicalize method

Extending the ESAPI integration by adding the canonicalize method.
---
 README.md                  |  1 +
 securityutil.cfc           | 12 ++++++++++++
 tests/CanonicalizeTest.cfc | 12 ++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 tests/CanonicalizeTest.cfc

diff --git a/README.md b/README.md
index ad6d611..c7dc4f1 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ Copy the `securityutil.cfc` file into your project and then:
 ```cfm
 <cfset securityUtil = CreateObject("component", "securityutil")>
 <cfoutput>
+	Hello #securityUtil.canonicalize(url.name)# <br /> <!--- ESAPI canonicalize --->
 	Hello #securityUtil.encodeHTML(url.name)# <br /> <!--- ESAPI encodeForHTML --->
 	Hello #securityUtil.scrub(url.name)# <!--- remove all but a-z0-9 --->
 </cfoutput>
diff --git a/securityutil.cfc b/securityutil.cfc
index cf50e29..31432e8 100644
--- a/securityutil.cfc
+++ b/securityutil.cfc
@@ -72,6 +72,18 @@
 		</cfif>
 	</cffunction>
 	
+	<cffunction name="canonicalize" output="false" hint="Runs the ESAPI canonicalize method using either CFs builtin or falls back on java.">
+		<cfargument name="input" 															hint="The string to encode.">
+		<cfargument name="restrictMultiple" type="boolean" required="true" default="false" 	hint="If set to true, multiple encoding is restricted.">
+		<cfargument name="restrictMixed" 	type="boolean" required="true" default="false"	hint="If set to true, mixed encoding is restricted.">
+		<cfif variables.esapiBuiltin>
+			<cfreturn canonicalize(arguments.input, arguments.restrictMultiple, arguments.restrictMixed)>
+		<cfelse>
+			<cfset assertInit()>
+			<cfreturn variables.esapi.encoder().canonicalize(arguments.input)>	
+		</cfif>
+	</cffunction>
+	
 	<cffunction name="encodeHTML" output="false" hint="Runs the ESAPI encodeForHTML method using either CFs builtin or falls back on java.">
 		<cfargument name="input" hint="Currently supports string input but eventually it could operate on an entire data structure at once, eg struct query">
 		<cfif variables.esapiBuiltin>
diff --git a/tests/CanonicalizeTest.cfc b/tests/CanonicalizeTest.cfc
new file mode 100644
index 0000000..dab6778
--- /dev/null
+++ b/tests/CanonicalizeTest.cfc
@@ -0,0 +1,12 @@
+<cfcomponent extends="base">
+	
+	<cffunction name="testSimple">
+		<cfset assertEquals("test", getSecurityUtil().canonicalize("test"))>
+	</cffunction>
+	
+	<cffunction name="testTag">
+		<cfset assertEquals("<pete />", getSecurityUtil().canonicalize("&lt;pete &##x2f;&gt;"))>
+	</cffunction>
+	
+	
+</cfcomponent>
\ No newline at end of file