JSP Encoder

The OWASP Encoder JSP package contains JSP tag definitions and TLDs to allow easy use of the OWASP Encoder Project's core API. The TLDs contain both tag definitions and JSP EL functions.

License

License

Categories

Categories

Jakarta Server Pages Jakarta EE The Web Tier
GroupId

GroupId

org.owasp.encoder
ArtifactId

ArtifactId

encoder-jsp
Last Version

Last Version

1.2.3
Release Date

Release Date

Type

Type

jar
Description

Description

JSP Encoder
The OWASP Encoder JSP package contains JSP tag definitions and TLDs to allow easy use of the OWASP Encoder Project's core API. The TLDs contain both tag definitions and JSP EL functions.
Project Organization

Project Organization

OWASP (Open Web-Application Security Project)

Download encoder-jsp

How to add to project

<!-- https://jarcasting.com/artifacts/org.owasp.encoder/encoder-jsp/ -->
<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder-jsp</artifactId>
    <version>1.2.3</version>
</dependency>
// https://jarcasting.com/artifacts/org.owasp.encoder/encoder-jsp/
implementation 'org.owasp.encoder:encoder-jsp:1.2.3'
// https://jarcasting.com/artifacts/org.owasp.encoder/encoder-jsp/
implementation ("org.owasp.encoder:encoder-jsp:1.2.3")
'org.owasp.encoder:encoder-jsp:jar:1.2.3'
<dependency org="org.owasp.encoder" name="encoder-jsp" rev="1.2.3">
  <artifact name="encoder-jsp" type="jar" />
</dependency>
@Grapes(
@Grab(group='org.owasp.encoder', module='encoder-jsp', version='1.2.3')
)
libraryDependencies += "org.owasp.encoder" % "encoder-jsp" % "1.2.3"
[org.owasp.encoder/encoder-jsp "1.2.3"]

Dependencies

compile (1)

Group / Artifact Type Version
org.owasp.encoder : encoder jar 1.2.3

provided (1)

Group / Artifact Type Version
javax.servlet.jsp : javax.servlet.jsp-api jar 2.2.1

test (4)

Group / Artifact Type Version
javax.servlet : javax.servlet-api jar 3.0.1
org.springframework : spring-test jar 5.1.3.RELEASE
org.springframework : spring-core jar 5.1.3.RELEASE
junit : junit jar 3.8.2

Project Modules

There are no modules declared in this project.

OWASP Java Encoder Project

Build Status License

Contextual Output Encoding is a computer programming technique necessary to stop Cross-Site Scripting. This project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with little baggage.

Start using the OWASP Java Encoders

You can download a JAR from Maven Central.

JSP tags and EL functions are available in the encoder-jsp, also available in Central.

The jars are also available in Maven:

<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder</artifactId>
    <version>1.2.3</version>
</dependency>

<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder-jsp</artifactId>
    <version>1.2.3</version>
</dependency>

Quick Overview

The OWASP Java Encoder library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.2.3.jar, import org.owasp.encoder.Encode and start using.

Example usage:

    PrintWriter out = ....;
    out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>");

Please look at the javadoc for Encode to see the variety of contexts for which you can encode.

Happy Encoding!

News

2020-11-08 - 1.2.3 Release

The team is happy to announce that version 1.2.3 has been released!

  • Update to make the manifest OSGi-compliant (#39).
  • Update to support ESAPI 2.2 and later (#37).

2018-09-14 - 1.2.2 Release

The team is happy to announce that version 1.2.2 has been released!

  • This is a minor release fixing documentation and licensing issues.

2017-02-19 - 1.2.1 Release

The team is happy to announce that version 1.2.1 has been released!

  • The CDATA Encoder was modified so that it does not emit intermediate characters between adjacent CDATA sections.
  • The documentation on gh-pages has been improved.

2015-04-12 - 1.2 Release on GitHub

OWASP Java Encoder has been moved to GitHub. Version 1.2 was also released!

2014-03-31 - Documentation updated

Please visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use!

2014-01-30 - Version 1.1.1 released

We're happy to announce that version 1.1.1 has been released. Along with a important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder.

2013-02-14 - Version 1.1 released

We're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library.

org.owasp.encoder

OWASP

The OWASP Foundation

Versions

Version
1.2.3
1.2.2
1.2.1
1.2
1.1.1
1.1