owasp-java-encoder
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site...
We are currently migrating our Spring Boot application to version 3.0. In [Spring Boot 3.0 they've migrated all dependencies from Java EE to Jakarta EE APIs](https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#jakarta-ee). Now Jakarta EE 10...
The current `toXML` method escapes for XML 1.0. Specifically, the difference is that XML 1.1 allows all characters `[#x1-#x1F]`, whereas XML 1.0 only allows some of these. As an aside, the...
See issue #71.
Currently the `Encode.forHtmlAttribute` JavaDocs contain [this JSP example](/OWASP/owasp-java-encoder/blob/main/core/src/main/java/org/owasp/encoder/Encode.java#L246): ``` ``` I guess this may be secure, but imho it does not reflect the intention of this method. How about using...