kwwall /
xss-encoder-wrapper
Provide Clojure wrapper functions to the OWASP Java Encoder library's the important 'Encode' static methods as a defense against Cross-Site Scripting (XSS)
Loading repository data…
OWASP / repository
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
Contextual Output Encoding is a computer programming technique necessary to stop Cross-Site Scripting. This project is a Java 1.8+ simple-to-use drop-in high-performance encoder class with little baggage.
For more detailed documentation on the OWASP Java Encoder please visit https://owasp.org/www-project-java-encoder/.
You can download a JAR from Maven Central.
JSP tags and EL functions are available in the encoder-jsp, also available:
The jars are also available in Central:
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder</artifactId>
<version>1.4.0</version>
</dependency>
<!-- using Servlet Spec 5 in the jakarta.servlet package use: -->
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder-jakarta-jsp</artifactId>
<version>1.4.0</version>
</dependency>
<!-- using the Legacy Servlet Spec in the javax.servlet package use: -->
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder-jsp</artifactId>
<version>1.4.0</version>
</dependency>
The OWASP Java Encoder library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.2.3.jar, import org.owasp.encoder.Encode and start using.
Example usage:
PrintWriter out = ....;
out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>");
Please look at the javadoc for Encode to see the variety of contexts for which you can encode.
Happy Encoding!
Due to test cases for the encoder-jakarta-jsp project Java 17 is required to package and test
the project. Simply run:
mvn package
To run the Jakarta JSP intgration test, to validate that the JSP Tags and EL work correctly run:
mvn verify -PtestJakarta
| JAR | Module Name |
|---|---|
| encoder | owasp.encoder |
| encoder-jakarta-jsp | owasp.encoder.jakarta |
| encoder-jsp | owasp.encoder.jsp |
| encoder-espai | owasp.encoder.esapi |
| Lib | TagLib |
|---|---|
| encoder-jakarta-jsp | <%@taglib prefix="e" uri="owasp.encoder.jakarta"%> |
| encoder-jsp | <%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project"%> |
The OWASP Java Encoder project is a multi-module Maven project:
$ mvn package
Benchmarks (currently in need of improvement) can be run with:
$ mvn verify -Pbenchmarks
Releases are done via central-publishing-maven-plugin:
$ mvn mvn clean package deploy -DperformRelease=true
The team is happy to announce that version 1.4.0 has been released!
The team is happy to announce that version 1.3.1 has been released!
The team is happy to announce that version 1.3.0 has been released!
jakarta.servlet.* #75.
The team is happy to announce that version 1.2.3 has been released!
The team is happy to announce that version 1.2.2 has been released!
The team is happy to announce that version 1.2.1 has been released!
OWASP Java Encoder has been moved to GitHub. Version 1.2 was also released!
Please visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use!
We're happy to announce that version 1.1.1 has been released. Along with a important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder.
We're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library.
Selected from shared topics, language and repository description—not editorial ratings.
kwwall /
Provide Clojure wrapper functions to the OWASP Java Encoder library's the important 'Encode' static methods as a defense against Cross-Site Scripting (XSS)