Where can I find ESAPI.properties?

Pro · Mar 26, 2015 · Viewed 55.7k times

I am trying to use the OWASP ESAPI library in my web app to escape request parameters in JSPs, as below: ESAPI.encoder().encodeForHTML(request.getParameter()).

I have added esapi-2.1.0.jar under WEB-INF/lib, but I get the exception below:

org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail. org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)

But I couldn't find ESAPI.properties in the JAR file. Any idea where I can get this? Also, where should I place this properties file? Please help.

Answer

Deepesh verma · Apr 8, 2015

Here is the reference: ESAPI installation guide.

You can download ESAPI.properties from here.

You can create the ESAPI.properties file yourself and place the same content there. It should be placed in your 'src/main/resources' folder.

Also, you will need a validation.properties file to handle XSS, which should be placed in the 'src/test/resources' folder.

Please make sure to change the application name in these properties files to your application, as in:

Validator.Redirect=^\\/test.*$

test should be replaced with your application name.
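
A small diagnostic for the ConfigurationException in the question, added here as an example (not code from the post or from ESAPI): it lists the places where ESAPI.properties and validation.properties are visible to the JVM. The class name EsapiConfigLocator is hypothetical, and the locations checked (the org.owasp.esapi.resources system property, the user.home directories, and the classpath prefixes) are an assumption about ESAPI 2.x lookup behaviour, which can differ between versions.

```java
import java.io.File;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;

/** Added diagnostic, not part of ESAPI: reports where the config files can be seen. */
public class EsapiConfigLocator {

    // Assumption: classpath sub-folders probed by ESAPI 2.x in addition to the root.
    private static final String[] CLASSPATH_PREFIXES = {"", ".esapi/", "esapi/", "resources/"};

    public static List<String> locate(String fileName) {
        List<String> hits = new ArrayList<>();

        // 1. Directory passed as -Dorg.owasp.esapi.resources=/path/to/dir
        String custom = System.getProperty("org.owasp.esapi.resources");
        if (custom != null) {
            addIfReadable(hits, new File(custom, fileName), "org.owasp.esapi.resources");
        }

        // 2. Per-user directories under user.home
        String home = System.getProperty("user.home");
        addIfReadable(hits, new File(new File(home, ".esapi"), fileName), "user.home/.esapi");
        addIfReadable(hits, new File(new File(home, "esapi"), fileName), "user.home/esapi");

        // 3. Classpath; in a Maven webapp src/main/resources is packaged to WEB-INF/classes
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        if (cl == null) {
            cl = EsapiConfigLocator.class.getClassLoader();
        }
        for (String prefix : CLASSPATH_PREFIXES) {
            URL url = cl.getResource(prefix + fileName);
            if (url != null) {
                hits.add("classpath:" + prefix + fileName + " -> " + url);
            }
        }
        return hits;
    }

    private static void addIfReadable(List<String> hits, File f, String source) {
        if (f.isFile() && f.canRead()) {
            hits.add(source + " -> " + f.getAbsolutePath());
        }
    }

    public static void main(String[] args) {
        for (String name : new String[] {"ESAPI.properties", "validation.properties"}) {
            List<String> hits = locate(name);
            System.out.println(name + ": " + (hits.isEmpty() ? "NOT FOUND" : hits));
        }
    }
}
```

Call locate() from inside the web application (for example from a servlet) so that the context class loader is the webapp's own; run from the command line, main() only sees the classpath given to that JVM.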