Not sure you understand what @Encoded does.  It just means you want the 
RAW parameter.  For example  "/Hello World" must be encoded as 
"/Hello%20World"

So, if you had "/{text}"

@PathParam("text") String decoded,
@Encoded @PathParam("text") String encoded

decoded = "Hello World"
encoded = "Hello%20World"

If you are worried about XSS, then you should probably:

a) Not have REST services that output application/javascript
b) Implement CORS in your app.

On 12/10/2013 6:48 AM, John D. Ament wrote:
> Hi all,
>
> Wanted to get your opinions.  What is the right time to use @Encoded?
> Purely from a security scan standpoint, a number of places in my
> code were picked up for XSS, and I'm wondering if annotating these
> endpoints with @Encoded would help.
>
> John
>
> _______________________________________________
> Resteasy-users mailing list
> Resteasy-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
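As an added illustration of the point above (example code, not Bill's or RESTEasy's own), a JAX-RS resource using the standard javax.ws.rs annotations that receives the same path parameter in both forms and HTML-escapes the value before writing it into markup, since @Encoded by itself changes only whether percent-encoding is kept, not whether the value is safe to echo:

```java
import javax.ws.rs.Encoded;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

// Added example (not from the thread): the same path segment is injected
// twice, once decoded and once as the raw (still percent-encoded) text.
@Path("/greet")
public class GreetResource {

    // GET /greet/Hello%20World
    //   decoded -> "Hello World"
    //   encoded -> "Hello%20World"
    @GET
    @Path("/{text}")
    @Produces(MediaType.TEXT_HTML)
    public String greet(@PathParam("text") String decoded,
                        @Encoded @PathParam("text") String encoded) {
        // Neither form is safe to place in HTML as-is; escape at the point
        // where the value is written into the response body.
        return "<p>decoded: " + escapeHtml(decoded)
             + "</p><p>encoded: " + escapeHtml(encoded) + "</p>";
    }

    // Minimal HTML escaping of the five characters that matter in text
    // and attribute context.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```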