[Owasp-leaders] Encoding projects at OWASP
jim.manico at owasp.org
Tue Apr 12 11:06:22 EDT 2011
At this point have at least 3 different output encoding projects at OWASP all meant to stop XSS.
The OWASP REFORM project led the charge. It's actually an incredibly powerful project with encoding support for a wide variety of languages!
The ESAPI project has its own series of encoders in various states of completion. Overall, the Reform projects looks more complete from a language point of view, while ESAPI supports a few more contexts that REFORM does not.
I also started a new Java project intended to be a more high performance encoder for SaaS applications.
There are also several encoders at Apache and other open source projects.
This is completely maddening for a developer. Where to go? What to use?
So I'm wondering if there would be a way to bring these projects together somehow.
John Steven and Dinis recommended we set up unit tests that all other encoder projects could use to verify their completeness. I'm a few years late, but I finally see the wisdom in this.
Aloha from Paris,
More information about the OWASP-Leaders