Hello I am having some difficulty with something that I am trying to do with a test page. I am trying to call the encrypted value of the url using esapi. This test page that I put together with the help of some other people is working mostly, except that I cannot call the encryption in the manner which is highlighted in bold. (4 entries). In addition, if you look down below, I am not able to call with an xsl spreadsheet the hidden value of the url as encrypted either. The value will not encrypt. Any ideas appreciated, thank you, Michele
===============================================
===============================================

<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>

<%@page import="org.owasp.esapi.*"%>
<%@page import="org.owasp.esapi.crypto.CipherText"%>
<%@page import="org.owasp.esapi.crypto.PlainText"%>
<%@page import="org.owasp.esapi.errors.EncryptionException "%>



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>ESAPI Test Page</title>

</head>

<body>

<%
String queryString = request.getQueryString();

String encryptedQueryString = ESAPI.httpUtilities()
.encryptQueryString(queryString);

//Map decryptedQueryString = (Map) ESAPI.httpUtilities().decryptQueryString( encryptedQueryString );
%>

<%
// parentId => encrypted query string
String parentId = ESAPI.httpUtilities().encryptQueryString(
request.getQueryString() );

%>


<p>
The encrypted querystring for the parameters (parentId) is:
<%=parentId%></p>


<p>
The encrypted querystring for the parameters (parentId) is:
<%="ESAPI:httpUtilities.encryptQueryString(parentI d)"%> </p>




<% // userId => encrypted query string
String userId = ESAPI.httpUtilities().encryptQueryString(
request.getQueryString() );

%>

<p>
The encrypted querystring for the parameters (userId) is:
<%=userId%></p>

<p>
The encrypted querystring for the parameters (userId) is:
<%="ESAPI:httpUtilities.encryptQueryString(userId) "%> </p>




<% // homeid => encrypted query string
String homeid = ESAPI.httpUtilities().encryptQueryString(
request.getQueryString() );

%>


<p>
The encrypted querystring for the parameters (homeid) is:
<%=homeid%></p>

<p>
The encrypted querystring for the parameters (homeid) is:
<%="ESAPI:httpUtilities.encryptQueryString(homeId) "%> </p>


<% // mode => encrypted query string
String mode = ESAPI.httpUtilities().encryptQueryString(
request.getQueryString() );

%>

<p>
The encrypted querystring for the parameters (mode) is:
<%=mode%></p>


<p>
The encrypted querystring for the parameters (mode) is:
<%="ESAPI:httpUtilities.encryptQueryString(mode)"% > </p>




<%
// if ( decryptedQueryString.equals( queryString ) ) {
%>





</body>

</html>
===============================================
===============================================
<?xml version="1.0"?>

<xsl:stylesheet version="1.0" xmlnssl="http://www.w3.org/1999/XSL/Transform">

<xsl:attribute name="href">/xsl/testpage4.jsp?&amp;userId=<xsl:value-of select="Esapi:encryptHiddenField(FinanceReports/state/userid)"/>&amp;homeid=<xsl:value-of select="FinanceReports/state/homeid"/>&amp;parentId=<xsl:value-of select="FinanceReports/state/parentid"/>&amp;mode=<xsl:value-of select="FinanceReports/state/mode"/></xsl:attribute>


</xsl:stylesheet>