{"id":13539587,"url":"https://github.com/owasp/owasp-java-encoder","last_synced_at":"2025-04-02T06:31:08.707Z","repository":{"id":29555765,"uuid":"33094979","full_name":"OWASP/owasp-java-encoder","owner":"OWASP","description":"The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!","archived":false,"fork":false,"pushed_at":"2025-03-10T23:41:07.000Z","size":1678,"stargazers_count":511,"open_issues_count":3,"forks_count":114,"subscribers_count":49,"default_branch":"main","last_synced_at":"2025-03-11T00:27:56.306Z","etag":null,"topics":["defense","encoding","java","xss"],"latest_commit_sha":null,"homepage":"https://owasp.org/www-project-java-encoder/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-30T00:16:37.000Z","updated_at":"2025-03-10T23:41:12.000Z","dependencies_parsed_at":"2024-06-19T06:11:37.033Z","dependency_job_id":"79d42cff-6ce8-4069-ba2b-6b95719aff5e","html_url":"https://github.com/OWASP/owasp-java-encoder","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fowasp-java-encoder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fowasp-java-encoder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fowasp-java-encoder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fowasp-java-encoder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWASP","download_url":"https://codeload.github.com/OWASP/owasp-java-encoder/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246767782,"owners_count":20830555,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["defense","encoding","java","xss"],"created_at":"2024-08-01T09:01:28.390Z","updated_at":"2025-04-02T06:31:03.698Z","avatar_url":"https://github.com/OWASP.png","language":"Java","readme":"OWASP Java Encoder Project\n==========================\n\n![Build Status](https://github.com/OWASP/owasp-java-encoder/actions/workflows/build.yaml/badge.svg?branch=main) [![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause) [![javadoc](https://javadoc.io/badge2/org.owasp.encoder/encoder/javadoc.svg)](https://javadoc.io/doc/org.owasp.encoder/encoder)\n\nContextual Output Encoding is a computer programming technique necessary to stop\nCross-Site Scripting. This project is a Java 1.8+ simple-to-use drop-in high-performance\nencoder class with little baggage.\n\nFor more detailed documentation on the OWASP Javca Encoder please visit https://owasp.org/www-project-java-encoder/.\n\nStart using the OWASP Java Encoders\n-----------------------------------\nYou can download a JAR from [Maven Central](https://search.maven.org/#search|ga|1|g%3A%22org.owasp.encoder%22%20a%3A%22encoder%22).\n\nJSP tags and EL functions are available in the encoder-jsp, also available:\n- [encoder-jakarta-jsp](http://search.maven.org/remotecontent?filepath=org/owasp/encoder/encoder-jakarta-jsp/1.2.3/encoder-jakarta-jsp-1.2.3.jar) - Servlet Spec 5.0\n- [encoder-jsp](http://search.maven.org/remotecontent?filepath=org/owasp/encoder/encoder-jsp/1.2.3/encoder-jsp-1.2.3.jar) - Servlet Spec 3.0\n\nThe jars are also available in Central:\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003eorg.owasp.encoder\u003c/groupId\u003e\n    \u003cartifactId\u003eencoder\u003c/artifactId\u003e\n    \u003cversion\u003e1.3.0\u003c/version\u003e\n\u003c/dependency\u003e\n\n\u003c!-- using Servlet Spec 5 in the jakarta.servlet package use: --\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003eorg.owasp.encoder\u003c/groupId\u003e\n    \u003cartifactId\u003eencoder-jakarta-jsp\u003c/artifactId\u003e\n    \u003cversion\u003e1.3.0\u003c/version\u003e\n\u003c/dependency\u003e\n\n\u003c!-- using the Legacy Servlet Spec in the javax.servlet package use: --\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003eorg.owasp.encoder\u003c/groupId\u003e\n    \u003cartifactId\u003eencoder-jsp\u003c/artifactId\u003e\n    \u003cversion\u003e1.3.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nQuick Overview\n--------------\nThe OWASP Java Encoder library is intended for quick contextual encoding with very little\noverhead, either in performance or usage. To get started, simply add the encoder-1.2.3.jar,\nimport org.owasp.encoder.Encode and start using.\n\nExample usage:\n\n```java\n    PrintWriter out = ....;\n    out.println(\"\u003ctextarea\u003e\"+Encode.forHtml(userData)+\"\u003c/textarea\u003e\");\n```\n\nPlease look at the javadoc for Encode to see the variety of contexts for which you can encode.\n\nHappy Encoding!\n\nBuilding\n--------\n\nDue to test cases for the `encoder-jakarta-jsp` project Java 17 is required to package and test\nthe project. Simply run:\n\n```shell\nmvn package\n```\n\nTo run the Jakarta JSP intgration test, to validate that the JSP Tags and EL work correctly run:\n\n```shell\nmvn verify -PtestJakarta\n```\n\n* Note that the above test may fail on modern Apple silicon.\n\nJava 9+ Module Names\n--------------------\n\n| JAR                 | Module Name           |\n|---------------------|-----------------------|\n| encoder             | owasp.encoder         |\n| encoder-jakarta-jsp | owasp.encoder.jakarta |\n| encoder-jsp         | owasp.encoder.jsp     |\n| encoder-espai       | owasp.encoder.esapi   |\n\n\nTagLib\n--------------------\n\n| Lib                 | TagLib                                                                                        |\n|---------------------|-----------------------------------------------------------------------------------------------|\n| encoder-jakarta-jsp | \u0026lt;%@taglib prefix=\"e\" uri=\"owasp.encoder.jakarta\"%\u0026gt;                                      |\n| encoder-jsp         | \u0026lt;%@taglib prefix=\"e\" uri=\"https://www.owasp.org/index.php/OWASP_Java_Encoder_Project\"%\u0026gt; |\n\n\nNews\n----\n### 2024-08-20 - 1.3.1 Release\nThe team is happy to announce that version 1.3.1 has been released!\n* fix: add OSGi related entries in the MANIFEST.MF file (#82).\n* fix: java.lang.NoSuchMethodError when running on Java 8 (#80).\n\n### 2024-08-02 - 1.3.0 Release\nThe team is happy to announce that version 1.3.0 has been released!\n* Minimum JDK Requirement is now Java 8\n  - Requires Java 17 to build due to test case dependencies.\n* Adds Java 9 Module name via Multi-Release Jars (#77).\n* Fixed compilation errors with the ESAPI Thunk (#76).\n* Adds support for Servlet Spec 5 using the `jakarta.servlet.*` (#75).\n  - taglib : \u0026lt;%@taglib prefix=\"e\" uri=\"owasp.encoder.jakarta\"%\u0026gt;\n\n### 2020-11-08 - 1.2.3 Release\nThe team is happy to announce that version 1.2.3 has been released! \n* Update to  make the manifest OSGi-compliant (#39).\n* Update to support ESAPI 2.2 and later (#37).\n\n### 2018-09-14 - 1.2.2 Release\nThe team is happy to announce that version 1.2.2 has been released! \n* This is a minor release fixing documentation and licensing issues.\n\n### 2017-02-19 - 1.2.1 Release\nThe team is happy to announce that version 1.2.1 has been released! \n* The CDATA Encoder was modified so that it does not emit intermediate characters between adjacent CDATA sections.\n* The documentation on [gh-pages](http://owasp.github.io/owasp-java-encoder/) has been improved.\n\n### 2015-04-12 - 1.2 Release on GitHub\nOWASP Java Encoder has been moved to GitHub. Version 1.2 was also released!\n\n### 2014-03-31 - Documentation updated\nPlease visit https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project to see detailed documentation and examples on each API use!\n\n### 2014-01-30 - Version 1.1.1 released\nWe're happy to announce that version 1.1.1 has been released. Along with a important bug fix, we added ESAPI integration to replace the legacy ESAPI encoders with the OWASP Java Encoder.\n\n### 2013-02-14 - Version 1.1 released\nWe're happy to announce that version 1.1 has been released. Along with a few minor encoding enhancements, we improved performance, and added a JSP tag and function library.\n","funding_links":[],"categories":["\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"8e1069b2bce90b87eea762ee3d0935d8\"\u003e\u003c/a\u003eOWASP"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fowasp-java-encoder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowasp%2Fowasp-java-encoder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fowasp-java-encoder/lists"}