Skip to content
/ owasp-java-encoder Public
forked from OWASP/owasp-java-encoder

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

www.owasp.org/index.php/owasp_java_encoder_project

License

BSD-3-Clause license
0 stars 111 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

piskachev/owasp-java-encoder

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

60 Commits
META-INF
META-INF
 
 
core
core
 
 
esapi
esapi
 
 
jsp
jsp
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

OWASP Java Encoder Project

Build Status License

Contextual Output Encoding is a computer programming technique necessary to stop Cross-Site Scripting. This project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with little baggage.

For more information on how to use this project, please see the OWASP wiki.

Start using the OWASP Java Encoders

You can download a JAR from Maven Central.

JSP tags and EL functions are available in the encoder-jsp, also available in Central.

The jars are also available in Maven:

<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder</artifactId>
    <version>1.2.2</version>
</dependency>

<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder-jsp</artifactId>
    <version>1.2.2</version>
</dependency>

Quick Overview

The OWASP Java Encoder library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.2.jar, import org.owasp.encoder.Encode and start using.

Example usage:

    PrintWriter out = ....;
    out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>");

Please look at the javadoc for Encode to see the variety of contexts for which you can encode.

Happy Encoding!

News

2018-09-14 - 1.2.2 Release

The team is happy to announce that version 1.2.2 has been released!

  • This is a minor release fixing documentation and licensing issues.

2017-02-19 - 1.2.1 Release

The team is happy to announce that version 1.2.1 has been released!

  • The CDATA Encoder was modified so that it does not emit intermediate characters between adjacent CDATA sections.
  • The documentation on gh-pages has been improved.

2015-04-12 - 1.2 Release on GitHub

OWASP Java Encoder has been moved to GitHub. Version 1.2 was also released!

2014-03-31 - Documentation updated

Please visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use!

2014-01-30 - Version 1.1.1 released

We're happy to announce that version 1.1.1 has been released. Along with a important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder.

2013-02-14 - Version 1.1 released

We're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library.

About

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

www.owasp.org/index.php/OWASP_Java_Encoder_Project

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Java 100.0%