commit | 1a8239a02802a34ec7f28f7d71baccc0fe98a288 | |
---|---|---|
author | Jeremy Long <jeremy.long@gmail.com> | Tue Mar 31 09:05:31 2015 -0400 |
committer | Jeremy Long <jeremy.long@gmail.com> | Tue Mar 31 09:05:31 2015 -0400 |
tree | 598158bb67e2595d7a1de07b04bdff6c7f5828af | |
parent | a9468ee165fc1c3c23328c42fd08618a2e505417 |
updated ignored list
Contextual Output Encoding is a computer programming technique necessary to stop Cross Site Scripting. This project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with little baggage.
For more information on how to use this project, please see https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project.
You can download a JAR from Maven Central.
JSP tags and functions are available in the encoder-jsp, also available in Central. This jar requires the core library.
The jars are also available in Maven:
```xml
<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder</artifactId>
    <version>1.1.1</version>
</dependency>
<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder-jsp</artifactId>
    <version>1.1.1</version>
</dependency>
```
The OWASP Java Encoder library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.1.1.jar, import org.owasp.encoder.Encode and start using it.
Example usage:
```java
PrintWriter out = ....;
out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>");
```
Please look at the javadoc for Encode to see the variety of contexts for which you can encode.
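To show what "contextual" means in practice, the following added example (not part of the project's README or code) writes the same untrusted value into four different output contexts, each with the matching `Encode` method. The class name `ContextualEncodingDemo`, the `render` helper and the sample input are assumptions made for illustration; the encoder jar is assumed to be on the classpath.

```java
import org.owasp.encoder.Encode;

import java.io.PrintWriter;

// Added illustration (hypothetical class, not project code):
// one untrusted value, four output contexts, one encoder per context.
public class ContextualEncodingDemo {

    // Writes an HTML fragment that places userData in four contexts.
    static void render(PrintWriter out, String userData) {
        // 1. HTML text content
        out.println("<p>Hello, " + Encode.forHtml(userData) + "</p>");

        // 2. Quoted HTML attribute value
        out.println("<input type=\"text\" name=\"q\" value=\""
                + Encode.forHtmlAttribute(userData) + "\">");

        // 3. A single URL query parameter value (percent-encoded)
        out.println("<a href=\"/search?q="
                + Encode.forUriComponent(userData) + "\">search again</a>");

        // 4. JavaScript string literal inside a script block
        out.println("<script>var q = '"
                + Encode.forJavaScript(userData) + "';</script>");
    }

    public static void main(String[] args) {
        // Constructed sample input: contains characters that are
        // significant in HTML, attributes, URLs and JavaScript strings.
        String userData = "O'Reilly & <b>\"Sons\"</b> </script>";
        PrintWriter out = new PrintWriter(System.out, true);
        render(out, userData);
    }
}
```

Each line of output carries a different encoding of the same input, which is why a single "escape everything" routine such as `forHtml` is not a substitute for the context-specific method.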
Happy Encoding!
Please visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use!
We're happy to announce that version 1.1.1 has been released. Along with an important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder.
We're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library.