Shiro, What a fantastic project. I applaud your efforts!
I would like to suggest that Shiro implements an encoding library to stop injection attacks.
Specific to Cross Site Scripting: encodeForHTML, encodeForHTMLAttribute, encodeForJavaScriptVariable, encodeForCSSValue, etc.
Specific to Command Injection: encodeForOS, etc. Etc.

Does this interest the project in any way?

PS: Apache probably also needs an encoding-commons, I dare say. Does this sound interesting or appropriate?

Aloha,
--
Jim Manico
Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host
[email protected]
www.owasp.org
