Not sure you understand what @Encoded does. It just means you want the RAW parameter. For example, "/Hello World" must be encoded as "/Hello%20World".
So, if you had

    "/{text}"

    @PathParam("text") String decoded,
    @Encoded @PathParam("text") String encoded

    decoded = "Hello World"
    encoded = "Hello%20World"

If you are worried about XSS, then you should probably:

a) Not have REST services that output application/javascript
b) Implement CORS in your app.

On 12/10/2013 6:48 AM, John D. Ament wrote:
> Hi all,
>
> Wanted to get your opinions. What is the right time to use @Encoded?
> Purely from a security scan standpoint, a number of places in my
> code were picked up for XSS, and I'm wondering if annotating these
> endpoints with @Encoded would help.
>
> John

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users
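
The decoded and raw views of the same "/{text}" value described in the reply above, as an added example that is not part of the original message or of RESTEasy. It uses java.net.URI from the JDK as a stand-in for the container; the class name, helper names and sample paths are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration, not RESTEasy code: java.net.URI stands in for the
// container to show the two views of the same "/{text}" path value.
public class EncodedDemo {

    // The view a plain @PathParam("text") String carries: percent-escapes decoded.
    static String decoded(String requestPath) throws URISyntaxException {
        return new URI(requestPath).getPath().substring(1);    // drop leading "/"
    }

    // The view an @Encoded @PathParam("text") String carries: the raw form.
    static String encoded(String requestPath) throws URISyntaxException {
        return new URI(requestPath).getRawPath().substring(1); // drop leading "/"
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample request paths for the template "/{text}".
        String[] samples = {
            "/Hello%20World",  // the case from the message above
            "/100%25",         // an escaped percent sign
            "/caf%C3%A9",      // a UTF-8 escape sequence
            "/plain"           // nothing to decode: both views are identical
        };
        for (String path : samples) {
            System.out.printf("%-16s decoded=%-12s encoded=%s%n",
                    path, decoded(path), encoded(path));
        }
    }
}
```

In every row the two strings differ only in whether the percent-escapes have been resolved, which is the whole effect of @Encoded as the reply describes it.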