Projects/OWASP Java Encoder Project

= Main =

= Build the Java Encoder Project =

checkout and run "mvn package" (using maven 2.0 or 3.0)

= Use the Java Encoder Project =

The general API pattern to utilize the Java Encoder Project is "Encode.forContextName(untrustedData)", where "ContextName" is the name of the target context and "untrustedData" in untrusted user input.

For example, to use in a JSP
" />

 <%= Encode.forHtmlContent(textValue) %>" />

Generally Encode.forHtml(...) is safe but slightly less efficient for the above two contexts (since it encodes more characters than necessary).

For JavaScript string data
');">click me 

  var msg = "<%= Encode.forJavaScriptBlock(message) %>"; alert(msg); 

Again generally Encode.forJavaScript is safe for the above two context, but slightly less efficient since it encodes more characters.

Other Contexts
Other contexts can be found in the org.owasp.Encode class methods, including CSS strings, CSS urls, XML contexts, URIs and URI components.