rwinch/spring-jackson-owasp

OWASP JSON

This demonstrates how to configure Spring applications to encode JSON, rather than simply escaping it, as recommended by the OWASP XSS cheat sheet. Specifically, the cheat sheet states that JavaScript should be encoded as follows:

Except for alphanumeric characters, escape all characters with the \uXXXX unicode escaping format (X = Integer).

  • spring-jackson-owasp-boot - A Spring Boot application that escapes all non-alphanumeric characters with Unicode escapes using Jackson

  • spring-jackson-owasp-java - A Spring Java configuration application that escapes all non-alphanumeric characters with Unicode escapes using Jackson

  • spring-jackson-owasp-xml - A Spring XML configuration application that escapes all non-alphanumeric characters with Unicode escapes using Jackson
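
The encoding rule quoted above can be expressed with Jackson's `CharacterEscapes` extension point. The following is an added example, not code from this repository; the class names `OwaspEscapesDemo` and `NonAlphanumericEscapes` and the sample input are assumptions made for illustration.

```java
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.SerializableString;
import com.fasterxml.jackson.core.io.CharacterEscapes;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Map;

// Hypothetical class names; not taken from the repository.
public class OwaspEscapesDemo {

    static final class NonAlphanumericEscapes extends CharacterEscapes {
        private final int[] asciiEscapes = new int[128];

        NonAlphanumericEscapes() {
            for (int c = 0; c < asciiEscapes.length; c++) {
                boolean alnum = (c >= '0' && c <= '9')
                        || (c >= 'A' && c <= 'Z')
                        || (c >= 'a' && c <= 'z');
                // ESCAPE_STANDARD selects the generic \\uXXXX form, replacing
                // the short escapes Jackson normally uses for quote and backslash.
                asciiEscapes[c] = alnum ? ESCAPE_NONE : ESCAPE_STANDARD;
            }
        }

        @Override
        public int[] getEscapeCodesForAscii() {
            return asciiEscapes;
        }

        @Override
        public SerializableString getEscapeSequence(int ch) {
            return null; // no ESCAPE_CUSTOM entries, so no custom sequences
        }
    }

    static ObjectMapper owaspObjectMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.getFactory().setCharacterEscapes(new NonAlphanumericEscapes());
        // The table above only covers ASCII; escape code points above 0x7F too.
        mapper.getFactory().enable(JsonGenerator.Feature.ESCAPE_NON_ASCII);
        return mapper;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value containing HTML-significant characters.
        Map<String, String> body = Map.of("name", "</script> & 'quoted'");
        System.out.println(owaspObjectMapper().writeValueAsString(body));
    }
}
```

Only string values and field names pass through the escape table, so the JSON structure itself (braces, colons, commas) is unchanged. In a Spring application the mapper would be the `ObjectMapper` given to the Jackson HTTP message converter.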
