|
|
| (18 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| − | = Main =
| + | #REDIRECT [[OWASP_Java_Encoder_Project]] |
| − | '''Welcome to the OWASP Java Encoder Project'''
| |
| − | | |
| − | {{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
| |
| − | | |
| − | | project_name = OWASP Java Encoder Project
| |
| − | | |
| − | | project_home_page = OWASP Java Encoder Project
| |
| − | | |
| − | | project_description =
| |
| − | *This project is a simple-to-use drop-in encoder class with little baggage.
| |
| − | *This code was designed for high-availability/high-performance encoding functionality.
| |
| − | *The key motivation for the separate project was:
| |
| − | # Simple drop-in encoding functionality | |
| − | # Redesigned for performance
| |
| − | # More complete API (uri and uri component encoding, etc) in some regards.
| |
| − | *This is a Java 1.5 project.
| |
| − | | |
| − | | project_license = [http://www.opensource.org/licenses/bsd-license.php New BSD License]
| |
| − | | |
| − | | leader_name1 = Jeff Ichnowski
| |
| − | | |
| − | | leader_username1 = Jeff_Ichnowski
| |
| − | | |
| − | | contributor_name1 = Jim Manico
| |
| − | | |
| − | | contributor_username1 = Jmanico
| |
| − | | |
| − | | pamphlet_link =
| |
| − | | |
| − | | presentation_link =
| |
| − | | |
| − | | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-java-encoder-project
| |
| − | | |
| − | | project_road_map = http://www.owasp.org/index.php/OWASP_Java_Encoder_Project/Roadmap
| |
| − | | |
| − | | links_url1 = http://code.google.com/p/owasp-java-encoder/
| |
| − | | links_name1 = http://code.google.com/p/owasp-java-encoder/
| |
| − | | |
| − | | links_url2 =
| |
| − | | links_name2 =
| |
| − | | |
| − | | release_1 = http://code.google.com/p/owasp-java-encoder/
| |
| − | | release_2 =
| |
| − | | release_3 =
| |
| − | | release_4 =
| |
| − | <!--- The line below is for GPC usage only. Please do not edit it --->
| |
| − | | project_about_page = Projects/OWASP Java Encoder Project
| |
| − | }}
| |
| − | | |
| − | = Usage =
| |
| − | | |
| − | <b>To build: checkout and run "mvn package" (using maven 2.0 or 3.0)<b>
| |
| − | | |
| − | to use, the general API pattern is
| |
| − | "Encode.forContextName(untrustedData)", where "ContextName" is the
| |
| − | name of the target context.
| |
| − | | |
| − | e.g. in a JSP
| |
| − | | |
| − | <input type="text" name="data" value="<%=
| |
| − | Encode.forHtmlAttribute(dataValue) %>" />
| |
| − | | |
| − | <textarea name="text"><%= Encode.forHtmlContent(textValue) %>" />
| |
| − | | |
| − | Generally Encode.forHtml(...) is safe but slightly less efficient for
| |
| − | the above two contexts (since it encodes more characters than
| |
| − | necessary).
| |
| − | | |
| − | For JavaScript string data, here's some more examples:
| |
| − | | |
| − | <button onclick="alert('<%= Encode.forJavaScriptAttribute(alertMsg)
| |
| − | %>');">click me</button>
| |
| − | | |
| − | <script type="text/javascript">
| |
| − | var msg = "<%= Encode.forJavaScriptBlock(message) %>";
| |
| − | alert(msg);
| |
| − | </script>
| |
| − | | |
| − | Again generally Encode.forJavaScript is safe for the above two
| |
| − | context, but slightly less efficient since it encodes more characters.
| |
| − | | |
| − | Other contexts can be found in the org.owasp.Encode class methods,
| |
| − | including CSS strings, CSS urls, XML contexts, URIs and URI
| |
| − | components. Additional contexts can be added before rel 1.0 if you
| |
| − | have any ideas.
| |
| − | | |
| − | | |
| − | __NOTOC__ <headertabs />
| |
