coverity / coverity-security-library

Coverity Security Library (CSL) is a lightweight set of escaping routines for fixing cross-site scripting (XSS), SQL injection, and other security defects in Java web applications.
http://security.coverity.com/document/2013/Mar/fixing-xss-a-practical-guide-for-developers.html

Add % to the JS string escaper #1

Closed neuroo closed 11 years ago

neuroo commented 11 years ago

The current implementation does not JS string escape '%', and this can cause issues when the wrong sequence of escapers is used in a javascript: URI. The recommendation is to JS string escape -> URI encode -> HTML escape, but when adding % to JS string escape, we can factor out the URI encoder.
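As an added example (not code from the CSL project), a JavaScript sketch of the behaviour the issue asks for: once '%' is escaped (here as \x25, an assumed form), the escaper's output contains no raw '%' and so is unchanged by the percent-decoding a browser applies to a javascript: URI, which is what lets the URI-encode layer be dropped. The names jsStringEscape, htmlEscape, percentDecode and javascriptHref are assumptions, not CSL API.

```javascript
// Added example, not CSL code. Sketches the behaviour the issue proposes:
// a JS string escaper that also escapes '%' (as \x25, an assumed form), so
// its output survives the percent-decoding a browser applies to a
// javascript: URI without acquiring new characters.
const JS_ESCAPES = {
  "'": "\\x27", '"': "\\x22", "\\": "\\x5c", "/": "\\x2f",
  "<": "\\x3c", ">": "\\x3e", "&": "\\x26", "%": "\\x25",
  "\n": "\\n", "\r": "\\r", "\t": "\\t",
};

// escapePercent=false models the pre-fix escaper the issue describes.
function jsStringEscape(s, escapePercent = true) {
  let out = "";
  for (let i = 0; i < s.length; i++) {      // per UTF-16 code unit
    const ch = s[i];
    const code = s.charCodeAt(i);
    if (ch === "%" && !escapePercent) out += ch;
    else if (JS_ESCAPES[ch] !== undefined) out += JS_ESCAPES[ch];
    else if (code < 0x20 || code > 0x7e)      // control / non-ASCII -> \uXXXX
      out += "\\u" + code.toString(16).padStart(4, "0");
    else out += ch;
  }
  return out;
}

// Minimal HTML attribute escaper (assumed, not CSL's).
function htmlEscape(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Rough model of the %XX decoding a browser performs on a javascript: URI.
function percentDecode(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// True when percent-decoding cannot change the string, i.e. the URI-encode
// layer of "JS escape -> URI encode -> HTML escape" adds nothing.
function stableUnderPercentDecoding(s) {
  return percentDecode(s) === s;
}

// Builds href="javascript:greet('...')" with the two remaining layers only.
function javascriptHref(name, escapePercent = true) {
  return "javascript:greet('" + htmlEscape(jsStringEscape(name, escapePercent)) + "')";
}
```

With escapePercent=false the constructed input "50%25 off" passes through unchanged and is then altered by percent-decoding, which is the gap the issue reports; with '%' escaped the output is stable.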