Not sure you understand what @Encoded does.  It just means you want the 
RAW parameter.  For example  "/Hello World" must be encoded as 

So, if you had "/{text}"

@PathParam("text") String decoded,
@Encoded @PathParam("text") String encoded

decoded = "Hello World"
encoded = "Hello%20World"

If you are worried about XSS, then you should probably:

a) Not have REST services that output application/javascript
b) Implement CORS in your app.

On 12/10/2013 6:48 AM, John D. Ament wrote:
> Hi all,
> Wanted to get your opinions.  What is the right time to use @Encoded?
> Purely from a security scan standpoint, a number of places in my
> code were picked up for XSS, and I'm wondering if annotating these
> endpoints with @Encoded would help.
> John
> _______________________________________________
> Resteasy-users mailing list

Bill Burke
JBoss, a division of Red Hat

