spring-jackson-owasp-boot
spring-jackson-owasp-java
spring-jackson-owasp-xml
.gitignore
README.adoc

OWASP JSON

This demonstrates how to configure Spring applications to encode JSON, rather than simply escaping it, as recommended by the OWASP XSS cheat sheet. Specifically, it states that JavaScript should be encoded as follows:

Except for alphanumeric characters, escape all characters with the \uXXXX unicode escaping format (X = Integer).

  • spring-jackson-owasp-boot - A Spring Boot application that uses Jackson to escape all non-alphanumeric characters as Unicode escapes

  • spring-jackson-owasp-java - A Spring Java configuration application that uses Jackson to escape all non-alphanumeric characters as Unicode escapes

  • spring-jackson-owasp-xml - A Spring XML configuration application that uses Jackson to escape all non-alphanumeric characters as Unicode escapes
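
One way to get this encoding out of Jackson, shown as an added example and not the code from this repository: a `CharacterEscapes` subclass that marks every non-alphanumeric ASCII character for the generic Unicode escape, combined with `ESCAPE_NON_ASCII` for everything above 127. The class names `OwaspJsonExample` and `AlnumOnlyEscapes` and the sample value are assumptions made for illustration; registering the mapper with Spring is what the three modules above cover.

```java
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.SerializableString;
import com.fasterxml.jackson.core.io.CharacterEscapes;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.util.Collections;
import java.util.Map;

public class OwaspJsonExample {

    /** Hypothetical helper: only 0-9, A-Z and a-z are written unescaped. */
    static final class AlnumOnlyEscapes extends CharacterEscapes {
        private final int[] escapes;

        AlnumOnlyEscapes() {
            // standardAsciiEscapesForJSON() returns a fresh 128-entry copy.
            escapes = CharacterEscapes.standardAsciiEscapesForJSON();
            for (int c = 0; c < escapes.length; c++) {
                boolean alnum = (c >= '0' && c <= '9')
                        || (c >= 'A' && c <= 'Z')
                        || (c >= 'a' && c <= 'z');
                // ESCAPE_STANDARD selects the generic six-character Unicode escape,
                // replacing the short forms Jackson uses by default for quotes,
                // backslashes and control characters.
                escapes[c] = alnum ? ESCAPE_NONE : ESCAPE_STANDARD;
            }
        }

        @Override
        public int[] getEscapeCodesForAscii() {
            return escapes;
        }

        @Override
        public SerializableString getEscapeSequence(int ch) {
            return null; // consulted only for ESCAPE_CUSTOM entries, which are not used here
        }
    }

    static ObjectMapper owaspMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.getFactory().setCharacterEscapes(new AlnumOnlyEscapes());
        // Characters above 127 are also written as Unicode escapes.
        mapper.getFactory().configure(JsonGenerator.Feature.ESCAPE_NON_ASCII, true);
        return mapper;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value containing markup-significant characters.
        Map<String, String> body = Collections.singletonMap("name", "</b> & O'Reilly é");
        System.out.println(new ObjectMapper().writeValueAsString(body)); // default escaping
        System.out.println(owaspMapper().writeValueAsString(body));      // encoded output
    }
}
```

The escapes apply to string values and field names only; the structural quotes, braces and colons of the JSON document are still written literally, so the output remains valid JSON.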