Jim Manico edited this page Sep 23, 2017 · 15 revisions


Executive Overview

The OWASP Java Encoder provides:

  • Output Encoding functions to help stop XSS
  • Java 1.5+ standalone library

Introduction

The OWASP Java Encoder is a simple-to-use, drop-in, high-performance encoder class for Java 1.5+ with no dependencies and little baggage. This project will help Java web developers defend against Cross-Site Scripting!

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts (primarily JavaScript) are injected into otherwise trusted web sites. You can read more about Cross-Site Scripting here. One of the primary defenses against Cross-Site Scripting is a technique called Contextual Output Encoding. You can read more about Cross-Site Scripting prevention here.

Contextual Output Encoding

Contextual Output Encoding is a computer programming technique necessary to stop Cross-Site Scripting. This project is a simple-to-use, drop-in, high-performance encoder class for Java 1.5+ with no dependencies and little baggage. It provides numerous encoding functions to help defend against XSS in a variety of HTML, JavaScript, XML and CSS contexts.

Getting Started

The OWASP Java Encoder library is intended for quick contextual encoding with very little overhead, either in performance or usage. To get started, simply add the encoder-1.2.jar, import org.owasp.encoder.Encode and start encoding.

Please look at the javadoc for Encode to see the variety of contexts for which you can encode. Tag libraries and JSP EL functions can be found in the encoder-jsp-1.2.jar.
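
As an added illustration (not code from the project's wiki), the class below writes one untrusted value into four output contexts, choosing the Encode method that matches each. It assumes encoder-1.2.jar is on the classpath; the class name ProfileCardRenderer, the /search path and the sample input are hypothetical.

```java
import org.owasp.encoder.Encode;

// Hypothetical renderer: the same untrusted string needs a different
// encoder depending on where in the page it is written.
public class ProfileCardRenderer {

    static String render(String displayName) {
        StringBuilder html = new StringBuilder();

        // Context 1: HTML element content.
        html.append("<h2>")
            .append(Encode.forHtml(displayName))
            .append("</h2>\n");

        // Context 2: quoted HTML attribute value.
        html.append("<input type=\"text\" name=\"displayName\" value=\"")
            .append(Encode.forHtmlAttribute(displayName))
            .append("\">\n");

        // Context 3: query parameter value inside a URL (percent-encoding).
        html.append("<a href=\"/search?q=")
            .append(Encode.forUriComponent(displayName))
            .append("\">Search for this user</a>\n");

        // Context 4: JavaScript string literal inside a script block.
        html.append("<script>var displayName = '")
            .append(Encode.forJavaScript(displayName))
            .append("';</script>\n");

        return html.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input containing markup, both quote styles,
        // an ampersand and a closing script tag.
        String untrusted = "Ann \"<b>O'Neil</b>\" & </script>";
        System.out.println(render(untrusted));
    }
}
```

Comparing the four output lines shows why the encoding has to be contextual: each encoder escapes a different set of characters, and output produced for one context is not a substitute for another.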

Licensing

The OWASP Java Encoder is free to use under the New BSD License.

Mailing List

Java Encoder Mailing List

Project Leaders

Lead Author: Jeff Ichnowski jeff.ichnowski@gmail.com
Jeremy Long jeremy.long@owasp.org
Jim Manico jim.manico@owasp.org

Quick Download

News and Events

  • (Feb 2017) 1.2.1 Released
  • (Apr 2015) 1.2 Released
  • (Apr 2015) Moved to GitHub
  • (Feb 2015) Removed ThreadLocal use from trunk
  • (20 Mar 2014) Doc additions
  • (5 Feb 2014) New Wiki
  • (4 Feb 2014) 1.1.1 Released