org.owasp.esapi.codecs.package.html Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of esapi Show documentation
Show all versions of esapi Show documentation
The Enterprise Security API (ESAPI) project is an OWASP project
to create simple strong security controls for every web platform.
Security controls are not simple to build. You can read about the
hundreds of pitfalls for unwary developers on the OWASP website. By
providing developers with a set of strong controls, we aim to
eliminate some of the complexity of creating secure web applications.
This can result in significant cost savings across the SDLC.
This package contains codecs for application layer encoding/escaping schemes that can be used for
both canonicalization and output encoding. By using the codecs to decode (canonicalize) input
before validation, many attacks can be detected and handled. By using the codecs to encode
untrusted data before sending it to an interpreter, a wide variety of 'injection' attacks can
be stopped. However,
this package does not currently address issues related to converting between byte-streams and
internal character representations, such as overlong UTF-8 issues. Those are left to the platform.
The codecs cover protocol encodings such as HTML entity encoding and percent encoding, but also
common product escaping schemes, such as Unix, Windows, MySQL, and Oracle.
© 2015 - 2024 Weber Informatics LLC | Privacy Policy