I am trying to use the OWASP ESAPI library in my web app to escape request parameters in JSPs, as below: ESAPI.encoder().encodeForHTML(request.getParameter()).
I have added esapi-2.1.0.jar under WEB-INF/lib, but I get the below exception:
org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail. org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)
But I couldn't find ESAPI.properties in the JAR file. Any idea where I can get this? Also, where should I place this properties file? Please help.
Here is the reference: ESAPI installation guide.
You can download ESAPI.properties from here.
You can create the ESAPI.properties file yourself and place the same content there. It should be placed in your 'src/main/resources' folder.
Also, you will need the validation.properties file to handle XSS, which should be placed in the 'src/test/resources' folder.
Please make sure to change the application name in these properties files to your application, as in
Validator.Redirect=^\\/test.*$
where test should be replaced with your application name.