Hello All:
I have a fully functioning embedded jetty application.
I would now like to package it in an executable jar file.
I do not use maven or ant. It is built using a makefile.
I have a manifest file containing the needed jar files etc.
I can build the executable jar file. However the problem
On 05/03/2018 21:01, Alexander Farber wrote:
Good evening,
what would be a method in Jetty to escape HTML characters in a String?
OWASP has an easy-to-use Encoder class:
https://www.owasp.org/index.php/OWASP_Java_Encoder_Project
The OWASP XSS prevention cheat sheet is also worth a read:
https
Using makefile you'll have a lot of extra work to do with merging various
files for this executable jar (aka uber-jar).
There are 2 example projects we maintain, but they use maven and the
various plugins that do the merging for us in a smart fashion.
If you are working with ServletContextHandler
Escaping text can be rather complicated.
Some things to think about (not exhaustive):
* Escaping HTML/XHTML/XML?
* Do you want/need an HTML parser?
* Do you escape it all/some (eg: allow "" but not the rest)?
* Do you escape Unicode? if so, to what target (form encoding? url
encoding? other?)
* W