## OWASP Java Encoder Project

The OWASP Java Encoder Project is a collection of high-performance, low-overhead
contextual encoders that, when used correctly, are an effective tool for
preventing web application security vulnerabilities such as Cross-Site
Scripting (XSS).

Please see the [OWASP XSS Prevention Cheat Sheet](https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet)
for more information on preventing XSS.

### Usage

In addition to the usage guidance below, more examples can be found on the [OWASP Java Encoder Project Wiki](https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project).

The JARs can be found in [Maven Central](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.owasp.encoder%22).

```xml
<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder</artifactId>
    <version>1.2.3</version>
</dependency>
```

Utilize the encoder:

```java
import org.owasp.encoder.Encode;

//...

PrintWriter out = ....;
out.println("<textarea>" + Encode.forHtml(userData) + "</textarea>");
```

### JSP Usage

The JSP Encoder makes the use of the Java Encoder within JSP simple via a TLD that
includes tags and a set of JSP EL functions:

```xml
<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder-jsp</artifactId>
    <version>1.2.3</version>
</dependency>
```

```JSP
<%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project" %>

<%-- ... --%>

<p>Dynamic data via EL: ${e:forHtml(param.value)}</p>
<p>Dynamic data via tag: <e:forHtml value="${param.value}" /></p>
```
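The encoders are contextual, so the method has to match the place in the page where the data lands. The following is an added example, not code from the project: it writes one untrusted value into four output contexts using `Encode` methods from the `encoder` artifact shown above. The class name, the `render` helper and the sample input are assumptions made for illustration.

```java
import org.owasp.encoder.Encode;

public class ContextualEncodingExample {

    // Renders the same untrusted value into four different output contexts,
    // each time with the encoder that matches that context.
    static String render(String userData) {
        StringBuilder sb = new StringBuilder();

        // 1. HTML text content between tags.
        sb.append("<p>Hello, ")
          .append(Encode.forHtmlContent(userData))
          .append("</p>\n");

        // 2. Quoted HTML attribute value.
        sb.append("<input type=\"text\" name=\"who\" value=\"")
          .append(Encode.forHtmlAttribute(userData))
          .append("\">\n");

        // 3. JavaScript string literal inside a <script> block.
        sb.append("<script>var who = '")
          .append(Encode.forJavaScript(userData))
          .append("';</script>\n");

        // 4. URL query parameter inside an href attribute: percent-encode the
        //    parameter first, then attribute-encode the complete URL.
        String url = "/search?q=" + Encode.forUriComponent(userData);
        sb.append("<a href=\"")
          .append(Encode.forHtmlAttribute(url))
          .append("\">Search</a>\n");

        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: it contains characters that are special in
        // HTML content, in quoted attributes, in script blocks and in URLs.
        String userData = "O'Reilly & \"Sons\" </script><b>";
        System.out.print(render(userData));
    }
}
```

Running it with the `encoder` JAR on the classpath prints the four fragments, which makes it easy to compare how the same characters are escaped differently per context.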