OWASP Java Encoder Project
==========================

[BSD-3-Clause License](https://opensource.org/licenses/BSD-3-Clause) [Javadoc](https://javadoc.io/doc/org.owasp.encoder/encoder)

Contextual Output Encoding is a computer programming technique necessary to stop
Cross-Site Scripting. This project is a Java 1.8+ simple-to-use drop-in high-performance
encoder class with little baggage.

For more detailed documentation on the OWASP Java Encoder please visit https://owasp.org/www-project-java-encoder/.

Start using the OWASP Java Encoders
-----------------------------------
You can download a JAR from [Maven Central](https://search.maven.org/#search|ga|1|g%3A%22org.owasp.encoder%22%20a%3A%22encoder%22).

JSP tags and EL functions are available in the JSP JARs, which can also be downloaded directly:
- [encoder-jakarta-jsp](http://search.maven.org/remotecontent?filepath=org/owasp/encoder/encoder-jakarta-jsp/1.2.3/encoder-jakarta-jsp-1.2.3.jar) - Servlet Spec 5.0
- [encoder-jsp](http://search.maven.org/remotecontent?filepath=org/owasp/encoder/encoder-jsp/1.2.3/encoder-jsp-1.2.3.jar) - Servlet Spec 3.0

The JARs are also available in Central:

```xml
<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder</artifactId>
    <version>1.3.0</version>
</dependency>

<!-- using Servlet Spec 5 in the jakarta.servlet package use: -->
<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder-jakarta-jsp</artifactId>
    <version>1.3.0</version>
</dependency>

<!-- using the Legacy Servlet Spec in the javax.servlet package use: -->
<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder-jsp</artifactId>
    <version>1.3.0</version>
</dependency>
```

Quick Overview
--------------
The OWASP Java Encoder library is intended for quick contextual encoding with very little
overhead, either in performance or usage.
To get started, simply add the encoder-1.2.3.jar,
import `org.owasp.encoder.Encode`, and start using it.

Example usage:

```java
    // Assumes response is the current HttpServletResponse and userData is untrusted input.
    PrintWriter out = response.getWriter();
    out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>");
```

Please look at the javadoc for Encode to see the variety of contexts for which you can encode.

Happy Encoding!

Building
--------

Due to test cases for the `encoder-jakarta-jsp` project, Java 17 is required to package and test
the project. Simply run:

```shell
mvn package
```

To run the Jakarta JSP integration test, which validates that the JSP tags and EL functions work correctly, run:

```shell
mvn verify -PtestJakarta
```

* Note that the above test may fail on modern Apple silicon.

Java 9+ Module Names
--------------------

| JAR                 | Module Name           |
|---------------------|-----------------------|
| encoder             | owasp.encoder         |
| encoder-jakarta-jsp | owasp.encoder.jakarta |
| encoder-jsp         | owasp.encoder.jsp     |
| encoder-esapi       | owasp.encoder.esapi   |


TagLib
--------------------

| Lib                 | TagLib                                                                                      |
|---------------------|---------------------------------------------------------------------------------------------|
| encoder-jakarta-jsp | `<%@taglib prefix="e" uri="owasp.encoder.jakarta"%>`                                        |
| encoder-jsp         | `<%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project"%>`   |


News
----
### 2024-08-20 - 1.3.1 Release
The team is happy to announce that version 1.3.1 has been released!
* fix: add OSGi related entries in the MANIFEST.MF file (#82).
* fix: java.lang.NoSuchMethodError when running on Java 8 (#80).

### 2024-08-02 - 1.3.0 Release
The team is happy to announce that version 1.3.0 has been released!
* Minimum JDK Requirement is now Java 8
  - Requires Java 17 to build due to test case dependencies.
* Adds Java 9 Module name via Multi-Release Jars (#77).
* Fixed compilation errors with the ESAPI Thunk (#76).
* Adds support for Servlet Spec 5 using the `jakarta.servlet.*` (#75).
  - taglib : `<%@taglib prefix="e" uri="owasp.encoder.jakarta"%>`

### 2020-11-08 - 1.2.3 Release
The team is happy to announce that version 1.2.3 has been released!
* Update to make the manifest OSGi-compliant (#39).
* Update to support ESAPI 2.2 and later (#37).

### 2018-09-14 - 1.2.2 Release
The team is happy to announce that version 1.2.2 has been released!
* This is a minor release fixing documentation and licensing issues.

### 2017-02-19 - 1.2.1 Release
The team is happy to announce that version 1.2.1 has been released!
* The CDATA Encoder was modified so that it does not emit intermediate characters between adjacent CDATA sections.
* The documentation on [gh-pages](http://owasp.github.io/owasp-java-encoder/) has been improved.

### 2015-04-12 - 1.2 Release on GitHub
OWASP Java Encoder has been moved to GitHub. Version 1.2 was also released!

### 2014-03-31 - Documentation updated
Please visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use!

### 2014-01-30 - Version 1.1.1 released
We're happy to announce that version 1.1.1 has been released. Along with an important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder.

### 2013-02-14 - Version 1.1 released
We're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library.
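
Returning to the Quick Overview: the usage example there covers a single context (HTML element content). The following added example, which is not part of the project's README, writes the same untrusted value into four output contexts, each with its matching `Encode` method. The class name `ContextualEncodingDemo`, the `render` helper and the sample input are constructed for illustration, and the `encoder` JAR is assumed to be on the classpath.

```java
import org.owasp.encoder.Encode;

public class ContextualEncodingDemo {

    // Builds an HTML fragment that places one untrusted value in four contexts.
    // Each context needs its own encoder: output of Encode.forHtml is not safe
    // inside a JavaScript string literal, and the reverse is also true.
    static String render(String userData) {
        StringBuilder sb = new StringBuilder();

        // 1. HTML element content
        sb.append("<textarea>")
          .append(Encode.forHtml(userData))
          .append("</textarea>\n");

        // 2. Quoted HTML attribute value
        sb.append("<input type=\"text\" value=\"")
          .append(Encode.forHtmlAttribute(userData))
          .append("\">\n");

        // 3. JavaScript string literal inside a <script> block
        sb.append("<script>var q = '")
          .append(Encode.forJavaScript(userData))
          .append("';</script>\n");

        // 4. URL query parameter carried in an href attribute: encode the value
        //    as a URI component first, then encode the whole URL for the
        //    attribute that contains it.
        String url = "/search?q=" + Encode.forUriComponent(userData);
        sb.append("<a href=\"")
          .append(Encode.forHtmlAttribute(url))
          .append("\">search</a>\n");

        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input with characters that are significant in
        // HTML content, attributes, JavaScript strings and URLs.
        String userData = "</textarea><img src=x> O'Reilly & \"Sons\"";
        System.out.print(render(userData));
    }
}
```

Comparing the four output lines shows why the encoder has to match the context: the same characters are escaped differently in each position.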