Latest commit 6e38815 Oct 13, 2015
spring-jackson-owasp-boot Initial Oct 13, 2015
spring-jackson-owasp-java Initial Oct 13, 2015
spring-jackson-owasp-xml Initial Oct 13, 2015
.gitignore Initial Oct 13, 2015
README.adoc Initial Oct 13, 2015

README.adoc

OWASP JSON

This demonstrates how to configure Spring applications to encode JSON, rather than simply escaping it, as recommended by the OWASP XSS cheat sheet. Specifically, the cheat sheet states that JavaScript should be encoded as follows:

Except for alphanumeric characters, escape all characters with the \uXXXX unicode escaping format (X = Integer).
  • spring-jackson-owasp-boot - A Spring Boot application that uses Jackson to escape all non-alphanumeric characters as Unicode escapes

  • spring-jackson-owasp-java - A Spring Java configuration application that uses Jackson to escape all non-alphanumeric characters as Unicode escapes

  • spring-jackson-owasp-xml - A Spring XML configuration application that uses Jackson to escape all non-alphanumeric characters as Unicode escapes
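
One way to get this encoding out of Jackson, shown as an added example that is not code from this repository: a `CharacterEscapes` subclass that marks every non-alphanumeric ASCII character for the generic Unicode escape. It assumes Jackson 2.x on the classpath; the class names `OwaspJsonEscapesDemo` and `OwaspCharacterEscapes` and the sample value are constructed for illustration.

```java
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.SerializableString;
import com.fasterxml.jackson.core.io.CharacterEscapes;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Collections;

// Hypothetical class names; not taken from the repository.
public class OwaspJsonEscapesDemo {

    /** Marks every ASCII character that is not a letter or digit for escaping. */
    static class OwaspCharacterEscapes extends CharacterEscapes {
        private final int[] asciiEscapes = new int[128];

        OwaspCharacterEscapes() {
            for (int c = 0; c < asciiEscapes.length; c++) {
                boolean alphanumeric = (c >= '0' && c <= '9')
                        || (c >= 'A' && c <= 'Z')
                        || (c >= 'a' && c <= 'z');
                // ESCAPE_STANDARD selects Jackson's generic six-character
                // hex escape instead of short forms such as backslash-quote.
                asciiEscapes[c] = alphanumeric ? ESCAPE_NONE : ESCAPE_STANDARD;
            }
        }

        @Override
        public int[] getEscapeCodesForAscii() {
            return asciiEscapes;
        }

        @Override
        public SerializableString getEscapeSequence(int ch) {
            return null; // no ESCAPE_CUSTOM entries, so never consulted
        }
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        mapper.getFactory().setCharacterEscapes(new OwaspCharacterEscapes());
        // Characters above 127 are not covered by the ASCII table; escape them too.
        mapper.getFactory().configure(JsonGenerator.Feature.ESCAPE_NON_ASCII, true);

        // Constructed sample value containing markup, quotes and a non-ASCII letter.
        String value = "<b>Zoë</b> & \"friends\"";
        System.out.println(mapper.writeValueAsString(Collections.singletonMap("name", value)));
    }
}
```

In a Spring application the same `ObjectMapper` customization would be applied to the mapper used by the JSON message converter, which is the part the three sample projects configure in their respective styles.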