The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
This is the result of my testing some of the Encode static methods from a new Clojure wrapper library that I plan to soon be releasing. There are no actual code changes here.
Note that there are places like forCssString(String) where it said that '(' and ')' were encoded, but they are not. There are also other places (e.g., forUriComponent(String)) where it said a character was NOT encoded (e.g., '@' for the case just mentioned), but it was. I will leave it up to you if you wish to adjust any of your JUnit tests.
Lastly, there were a few minor additions that I consider as improvements, especially to novices, such as a reference to the Cross-Site Scripting Prevention Cheat Sheet, adding cross-reference links in a few places, etc.
Close issue #51