|
| 1 | +OWASP Java Encoder Project |
| 2 | +========================== |
| 3 | +Contextual Output Encoding is a computer programming technique necessary to stop Cross Site Scripting. This project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with little baggage. |
| 4 | + |
| 5 | +For more information on how to use this project, please see https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project. |
| 6 | + |
| 7 | +Start using the OWASP Java Encoders |
| 8 | +----------------------------------- |
| 9 | +You can download a JAR from [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.owasp.encoder%22%20a%3A%22encoder%22). |
| 10 | + |
| 11 | +JSP tags and functions are available in the encoder-jsp, also avaiable in [Central](http://search.maven.org/remotecontent?filepath=org/owasp/encoder/encoder-jsp/1.1.1/encoder-jsp-1.1.1.jar). This jar requires the core library. |
| 12 | + |
| 13 | +The jars are also available in Maven: |
| 14 | + |
| 15 | +'''xml |
| 16 | +<dependency> |
| 17 | + <groupId>org.owasp.encoder</groupId> |
| 18 | + <artifactId>encoder</artifactId> |
| 19 | + <version>1.1.1</version> |
| 20 | +</dependency> |
| 21 | + |
| 22 | +<dependency> |
| 23 | + <groupId>org.owasp.encoder</groupId> |
| 24 | + <artifactId>encoder-jsp</artifactId> |
| 25 | + <version>1.1.1</version> |
| 26 | +</dependency> |
| 27 | +``` |
| 28 | +
|
| 29 | +Quick Overview |
| 30 | +-------------- |
| 31 | +The OWASP Java Encoder library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.1.1.jar, import org.owasp.encoder.Encode and start using. |
| 32 | +
|
| 33 | +Example usage: |
| 34 | +
|
| 35 | +```java |
| 36 | + PrintWriter out = ....; |
| 37 | + out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>"); |
| 38 | +``` |
| 39 | + |
| 40 | +Please look at the javadoc for Encode to see the variety of contexts for which you can encode. |
| 41 | + |
| 42 | +Happy Encoding! |
| 43 | + |
| 44 | +News |
| 45 | +---- |
| 46 | +### 2014-03-31 - Documentation updated |
| 47 | +Please visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use! |
| 48 | + |
| 49 | +### 2014-01-30 - Version 1.1.1 released |
| 50 | +We're happy to announce that version 1.1.1 has been released. Along with a important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder. |
| 51 | + |
| 52 | +### 2013-02-14 - Version 1.1 released |
| 53 | +We're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library. |
0 commit comments