[
https://issues.apache.org/jira/browse/SLING-3665?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dan Klco resolved SLING-3665.
-----------------------------
Resolution: Fixed
Added basic tag for encoding text based on OWASP standards.
> Support XSS Encoding
> --------------------
>
> Key: SLING-3665
> URL: https://issues.apache.org/jira/browse/SLING-3665
> Project: Sling
> Issue Type: Bug
> Components: Scripting
> Affects Versions: Scripting JSP-Taglib 2.2.0
> Reporter: Dan Klco
> Assignee: Dan Klco
> Priority: Minor
> Labels: patch
> Fix For: Scripting JSP-Taglib 2.2.2
>
> Attachments: SLING-3665.diff
>
>
> I'd propose we should support proper XSS encoding through the Sling JSP
> Taglib. Nothing too elaborate, just more than is provided by the JSTL
> Commons Out tag as that's not sufficient to provide true XSS protection.
> I'll attach a patch with a new tag which uses the OWASP ESAPI's encoder
> service to encode content in several different ways depending on how it
> should be used. This API is available under the BSD license, so I believe it
> is compatible.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
