This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Java Encoder Project"
From OWASP
m (Add link to JavaDoc) |
(adding warning) |
||
Line 6: | Line 6: | ||
==OWASP Java Encoder Project == | ==OWASP Java Encoder Project == | ||
− | The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting! | + | The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting! |
− | Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts (primarily JavaScript) are injected into otherwise trusted web sites. You can read more about Cross Site Scripting here: [[Cross-site_Scripting_%28XSS%29]]. One of the primary defenses to stop Cross Site Scripting is a technique called <i>Contextual Output Encoding</i>. | + | Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts (primarily JavaScript) are injected into otherwise trusted web sites. You can read more about Cross Site Scripting here: [[Cross-site_Scripting_%28XSS%29]]. One of the primary defenses to stop Cross Site Scripting is a technique called <i>Contextual Output Encoding</i>. <b>WARNING</b>: Please note that XSS prevention requires other defensive strategies besides encoding! For more information, please read about Cross Site Scripting prevention here: [[XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet]]. |
As of February 2017 there are no issues submitted against this project! [https://github.com/OWASP/owasp-java-encoder/issues https://github.com/OWASP/owasp-java-encoder/issues]. We actively track project issues and seek to remediate any issues that arise. The project owners feel this project is stable and ready for production use and are seeking project status promotion. | As of February 2017 there are no issues submitted against this project! [https://github.com/OWASP/owasp-java-encoder/issues https://github.com/OWASP/owasp-java-encoder/issues]. We actively track project issues and seek to remediate any issues that arise. The project owners feel this project is stable and ready for production use and are seeking project status promotion. |