commit | 09fb227288cb94957698cd45ec4e34888b08c47a | [log] [tgz] |
---|---|---|
author | Jeremy Long <jeremy.long@gmail.com> | Mon Mar 30 06:42:34 2015 -0400 |
committer | Jeremy Long <jeremy.long@gmail.com> | Mon Mar 30 06:42:34 2015 -0400 |
tree | d703f0132032529a202e0da755dc4e4630a77256 | |
parent | 0855f008384c82aa9d531dbed31f902754a6fc61 [diff] |
initial version
Contextual Output Encoding is a computer programming technique necessary to stop Cross Site Scripting. This project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with little baggage.
For more information on how to use this project, please see https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project.
You can download a JAR from Maven Central.
JSP tags and functions are available in the encoder-jsp, also avaiable in Central. This jar requires the core library.
The jars are also available in Maven:
'''xml org.owasp.encoder encoder 1.1.1
The OWASP Java Encoder library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.1.1.jar, import org.owasp.encoder.Encode and start using.
Example usage:
PrintWriter out = ....; out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>");
Please look at the javadoc for Encode to see the variety of contexts for which you can encode.
Happy Encoding!
Please visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use!
We're happy to announce that version 1.1.1 has been released. Along with a important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder.
We're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library.