This file is part of the Open Web Application Security Project (OWASP) Enterprise Security API (ESAPI) project. For details, please see https://owasp.org/www-project-enterprise-security-api/.
Copyright (c) 2008 - The OWASP Foundation
The ESAPI is published by OWASP under the BSD license. You should read and accept the LICENSE before you use, modify, and/or redistribute this software.
This project is no longer supported. It is known to be potentially affected by a vulnerability in 'bower' (specifically, CVE-2019-5484). This vulnerability could be addressed by upgrading ESAPI-JS to use bower 1.8.8 or later; however, this has been tried and resulted in deployment problems when using NPM. See the discussion that followed PR#29 for details.
If you would like to support the project, please contact one or both of the ESAPI project leaders listed on the OWASP ESAPI wiki page. They can unarchive it for you.
$ npm install --save-dev ESAPI-JS
<!-- esapi4js dependencies -->
<!-- NOTE(review): {your_installation_path} is a placeholder, and the URLs as written here point at the repository's master branch, whose contents can change over time. Serve a reviewed copy of these files from a location you control. -->
<script type="text/javascript" language="JavaScript" src="https://github.com/ESAPI/owasp-esapi-js/raw/master/{your_installation_path}/esapi4js/lib/log4js.js"></script>
<!-- esapi4js i18n resources -->
<script type="text/javascript" language="JavaScript" src="https://github.com/ESAPI/owasp-esapi-js/raw/master/{your_installation_path}/esapi4js/resources/i18n/ESAPI_Standard_en_US.properties.js"></script>
<!-- esapi4js configuration -->
<script type="text/javascript" language="JavaScript" src="https://github.com/ESAPI/owasp-esapi-js/raw/master/{your_installation_path}/esapi4js/resources/Base.esapi.properties.js"></script>
<!-- esapi4js core (listed last, after the logging dependency, i18n resources and configuration above) -->
<script type="text/javascript" language="JavaScript" src="https://github.com/ESAPI/owasp-esapi-js/raw/master/{your_installation_path}/esapi4js/esapi.js"></script>
<script type="text/javascript" language="JavaScript">
// Set any custom configuration options here or in an external js file that gets sourced in above.
// Registers settings under the name 'ApplicationLogger'; the same name is passed to getLogger() further down.
Base.esapi.properties.logging['ApplicationLogger'] = {
// NOTE(review): Logger.ALL presumably enables every log level, which is verbose; confirm, and consider a narrower level outside development.
Level: org.owasp.esapi.Logger.ALL,
// Log output is sent to the Log4js console appender.
Appenders: [ new Log4js.ConsoleAppender() ],
LogUrl: true,
LogApplicationName: true,
// NOTE(review): presumably makes the logger encode message content before it is written, which guards against forged or injected log entries - confirm against the ESAPI logger source.
EncodingRequired: true
};
Base.esapi.properties.application.Name = "My Application v1.0";
// Initialize the api
// Runs after the property assignments above; presumably this call is what sets up the $ESAPI object used below - confirm.
org.owasp.esapi.ESAPI.initialize();
// Using the logger
$ESAPI.logger().getLogger('ApplicationLogger').info(org.owasp.esapi.Logger.EventType.EVENT_SUCCESS, 'This is a test message');
// Using the encoder
// The markup string goes through encodeForHTML() before document.writeln() receives it, so the page gets the encoded form rather than the raw markup.
// NOTE(review): encodeForHTML presumably targets HTML element content only; values placed in attributes, URLs or script blocks need the encoder for that context - confirm which encoders the library offers.
document.writeln( $ESAPI.encoder().encodeForHTML( "<a href=\"http://owasp-esapi-js.googlecode.com\">Check out esapi4js</a>" ) );
// Using the validator
/**
 * Checks the current value of the 'CreditCard' field with the ESAPI validator.
 *
 * `$` is not defined in this snippet; presumably it is an element-lookup
 * helper supplied by the page - confirm.
 *
 * This check runs in the browser, where it can be bypassed, so the same
 * value has to be validated again on the server before it is trusted.
 *
 * @returns {*} Whatever isValidCreditCard() returns for the field's value.
 */
var validateCreditCard = function () {
  var validator = $ESAPI.validator();
  var cardNumber = $('CreditCard').value;
  return validator.isValidCreditCard(cardNumber);
};
</script>
BSD