Bug: 272065050


OWASP Java Encoder Project


Contextual Output Encoding is a computer programming technique necessary to stop Cross-Site Scripting. This project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with little baggage.

For more detailed documentation on the OWASP Java Encoder please visit https://owasp.org/www-project-java-encoder/.

Start using the OWASP Java Encoders

You can download a JAR from Maven Central.

JSP tags and EL functions are available in encoder-jsp, which is also available in Central.

The jars are also available in Maven:

    <dependency>
        <groupId>org.owasp.encoder</groupId>
        <artifactId>encoder</artifactId>
        <version>1.2.3</version>
    </dependency>

    <dependency>
        <groupId>org.owasp.encoder</groupId>
        <artifactId>encoder-jsp</artifactId>
        <version>1.2.3</version>
    </dependency>

Quick Overview

The OWASP Java Encoder library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.2.3.jar, import org.owasp.encoder.Encode and start using it.

Example usage:

    PrintWriter out = ....;
    out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>");

Please look at the javadoc for Encode to see the variety of contexts for which you can encode.

Happy Encoding!

News

2020-11-08 - 1.2.3 Release

The team is happy to announce that version 1.2.3 has been released!

  • Update to make the manifest OSGi-compliant (#39).
  • Update to support ESAPI 2.2 and later (#37).

2018-09-14 - 1.2.2 Release

The team is happy to announce that version 1.2.2 has been released!

  • This is a minor release fixing documentation and licensing issues.

2017-02-19 - 1.2.1 Release

The team is happy to announce that version 1.2.1 has been released!

  • The CDATA Encoder was modified so that it does not emit intermediate characters between adjacent CDATA sections.
  • The documentation on gh-pages has been improved.

2015-04-12 - 1.2 Release on GitHub

OWASP Java Encoder has been moved to GitHub. Version 1.2 was also released!

2014-03-31 - Documentation updated

Please visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use!

2014-01-30 - Version 1.1.1 released

We're happy to announce that version 1.1.1 has been released. Along with an important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder.

2013-02-14 - Version 1.1 released

We're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library.