esapi / owasp-esapi-js
An UNMAINTAINED project originally exported from code.google.com/p/owasp-esapi-js. This project is deprecated. See the README.md for further details and possible alternatives.

License: Other

JavaScript 99.37% HTML 0.63%

owasp-esapi-js's Introduction

DEPRECATED - OWASP Enterprise Security API for JavaScript (ESAPI-JS)

No Maintenance Intended

This file is part of the Open Web Application Security Project (OWASP) Enterprise Security API (ESAPI) project. For details, please see https://owasp.org/www-project-enterprise-security-api/.

Copyright (c) 2008 - The OWASP Foundation

The ESAPI is published by OWASP under the BSD license. You should read and accept the LICENSE before you use, modify, and/or redistribute this software.

WARNING: This project is deprecated and unmaintained. Use at your own risk.

This project is no longer supported. It is known to be potentially affected by a vulnerability in its 'bower' dependency (specifically, CVE-2019-5484). That vulnerability could be addressed by upgrading ESAPI-JS to use bower 1.8.8 or later; however, this has been tried and resulted in deployment problems when using NPM. See the ensuing discussion on PR#29 for details.

Potential Alternatives to ESAPI-JS (aka, ESAPI4JS)

  • node-esapi - a minimal port of the ESAPI-JS output encoder that does not depend on bower and, as of this writing (2021-03-30), has no known vulnerabilities. It does not include the validator or other portions of ESAPI-JS.
  • DOMPurify - a DOM-only XSS sanitizer for HTML, MathML, and SVG.
  • Lots of additional alternatives exist if your project is not pure JavaScript.

Looking for Maintainers

If you would like to support the project, please contact one or both of the ESAPI project leaders listed on the OWASP ESAPI wiki page. They can unarchive it for you.

Installation Instructions

$ npm install --save-dev ESAPI-JS

Installation:

  1. Download the distribution zip from http://owasp-esapi-js.googlecode.com
  2. Unzip the distribution zip
  3. Create a directory on your server, under the web root, called esapi4js
  4. Copy either esapi.js or esapi-compressed.js from dist/ to your esapi4js directory
  5. Create a directory called lib under esapi4js and copy the contents of dist/lib into it
  6. Create a directory called resources under esapi4js and copy the contents of dist/resources into it

Quick Start:

<!-- esapi4js dependencies -->
<script type="text/javascript" language="JavaScript" src="{your_installation_path}/esapi4js/lib/log4js.js"></script>
<!-- esapi4js i18n resources -->
<script type="text/javascript" language="JavaScript" src="{your_installation_path}/esapi4js/resources/i18n/ESAPI_Standard_en_US.properties.js"></script>
<!-- esapi4js configuration -->
<script type="text/javascript" language="JavaScript" src="{your_installation_path}/esapi4js/resources/Base.esapi.properties.js"></script>
<!-- esapi4js core -->
<script type="text/javascript" language="JavaScript" src="{your_installation_path}/esapi4js/esapi.js"></script>

<script type="text/javascript" language="JavaScript">
    // Set any custom configuration options here or in an external js file that gets sourced in above.
    Base.esapi.properties.logging['ApplicationLogger'] = {
        Level: org.owasp.esapi.Logger.ALL,
        Appenders: [ new Log4js.ConsoleAppender() ],
        LogUrl: true,
        LogApplicationName: true,
        EncodingRequired: true
    };

    Base.esapi.properties.application.Name = "My Application v1.0";

    // Initialize the api
    org.owasp.esapi.ESAPI.initialize();

    // Using the logger
    $ESAPI.logger().getLogger('ApplicationLogger').info(org.owasp.esapi.Logger.EventType.EVENT_SUCCESS, 'This is a test message');

    // Using the encoder
    document.writeln( $ESAPI.encoder().encodeForHTML( "<a href=\"http://owasp-esapi-js.googlecode.com\">Check out esapi4js</a>" ) );

    // Using the validator
    // $('CreditCard') is assumed to be a page-side element lookup helper (Prototype/jQuery style), not an ESAPI API.
    var validateCreditCard = function() {
        return $ESAPI.validator().isValidCreditCard( $('CreditCard').value );
    }
</script>
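The Quick Start above calls $ESAPI.encoder().encodeForHTML() without saying what an output encoder does, and the node-esapi alternative listed earlier is described as a port of just that encoder. The block below is an added example, not code from ESAPI-JS, node-esapi or the OWASP project. It builds a small allowlist-based contextual encoder in the ESAPI style (every character that is not alphanumeric or in a per-context "immune" set gets encoded, so safety does not rest on enumerating dangerous characters) and then shows why the context matters, using an inline event handler where the browser decodes the attribute's character references before the JavaScript parser ever runs. The immune sets, the choice of hex numeric references, the payload, and the browserDecodeAttribute stand-in are this example's own assumptions.

```javascript
// Added example (not ESAPI-JS / node-esapi code): allowlist-based output
// encoding for three browser contexts, plus a demonstration of why the
// encoder must match the context the data lands in.

// Only these characters pass through unencoded, per context. Assumption:
// modelled on the "immune" character idea used by ESAPI encoders, not
// copied from any ESAPI table.
const IMMUNE = {
  html: new Set([',', '.', '-', '_', ' ']),
  htmlAttribute: new Set([',', '.', '-', '_']),   // no space: unquoted attributes
  javascript: new Set([',', '.', '_']),
};

const ALPHANUMERIC = /^[A-Za-z0-9]$/;

// Walk the input by code point; encodeOne receives every character that
// is neither alphanumeric nor immune in the chosen context.
function encodeWith(input, immune, encodeOne) {
  let out = '';
  for (const ch of String(input)) {
    out += (ALPHANUMERIC.test(ch) || immune.has(ch)) ? ch : encodeOne(ch);
  }
  return out;
}

// Hex numeric character reference, e.g. '<' -> '&#x3c;'.
function htmlRef(ch) {
  return '&#x' + ch.codePointAt(0).toString(16) + ';';
}

// Text between tags.
function encodeForHTML(input) {
  return encodeWith(input, IMMUNE.html, htmlRef);
}

// Inside an attribute value; space is encoded so the data cannot
// terminate an unquoted attribute.
function encodeForHTMLAttribute(input) {
  return encodeWith(input, IMMUNE.htmlAttribute, htmlRef);
}

// Inside a JavaScript string literal: \xHH for Latin-1, \uHHHH per UTF-16
// code unit otherwise (astral characters become a surrogate pair).
function encodeForJavaScript(input) {
  return encodeWith(input, IMMUNE.javascript, (ch) => {
    const cp = ch.codePointAt(0);
    if (cp < 0x100) return '\\x' + cp.toString(16).padStart(2, '0');
    let esc = '';
    for (let i = 0; i < ch.length; i++) {
      esc += '\\u' + ch.charCodeAt(i).toString(16).padStart(4, '0');
    }
    return esc;
  });
}

// Constructed stand-in for the browser: when an event-handler attribute is
// parsed, its character references are decoded *before* the value is
// handed to the JavaScript parser. Only hex references are handled here.
function browserDecodeAttribute(attrValue) {
  return attrValue.replace(/&#x([0-9a-f]+);/gi,
    (_, hex) => String.fromCodePoint(parseInt(hex, 16)));
}

// What the JavaScript parser ends up seeing for
//   <button onclick="greet('<data>')">
// when <data> is encoded once (HTML attribute only) or layered (JavaScript
// context first, then the enclosing HTML attribute context).
function jsSourceSeenByParser(untrusted, layered) {
  const attrValue = layered
    ? encodeForHTMLAttribute(encodeForJavaScript(untrusted))
    : encodeForHTMLAttribute(untrusted);
  return browserDecodeAttribute(attrValue);
}

// Stand-alone demonstration with a constructed payload.
const payload = "'); alert(1); //";
console.log(encodeForHTML('<a href="x">Check out esapi4js</a>'));
console.log('single-encoded, parser sees:', jsSourceSeenByParser(payload, false)); // raw quote survives
console.log('layered, parser sees:      ', jsSourceSeenByParser(payload, true));  // quote stays as \x27
```

The single-encoded attribute decodes back to the raw payload, so the quote closes the string literal and the injected call runs; the layered version decodes to the JavaScript-escaped form, where the quote is still \x27 and cannot terminate the literal. That is the general rule behind ESAPI-style encoders: encode for the innermost context first, then for each enclosing context outward.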

License

BSD
