Friday, August 28, 2009

No Built-In Response.HTMLEncode in Java

Why doesn't Java have a built-in HTMLEncode function??

With security vulnerabilities like Cross-Site Scripting (XSS) lurking around for so many years, I am wondering why Java hasn't yet come up with its own function for encoding chars which are malicious.

Developers have to rely on either writing their own functions to encode characters to prevent XSS or using the open-source libraries available for encoding.
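For illustration, here is the kind of hand-written encoder this refers to. It is an added example, not code from the original post or from any library; the class name `HtmlEncoder` and method `htmlEncode` are hypothetical, and the sample inputs are constructed.

```java
// Added illustration: HtmlEncoder and htmlEncode are hypothetical names,
// not part of the JDK or of any library.
public final class HtmlEncoder {

    private HtmlEncoder() {}

    /**
     * Encodes text for HTML element content and quoted attribute values.
     * It is not sufficient for script, style, URL or unquoted-attribute
     * contexts, which need their own encoders.
     */
    public static String htmlEncode(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break; // must be encoded, or entities could be forged
                case '<':  out.append("&lt;");   break; // stops the browser opening a tag
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break; // stops breaking out of "..." attributes
                case '\'': out.append("&#39;");  break; // stops breaking out of '...' attributes
                default:   out.append(c);               // everything else passes through unchanged
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: markup, an attribute break-out,
        // ordinary text with special characters, and text encoded once already.
        String[] samples = {
            "<script>alert(1)</script>",
            "\" onmouseover=\"x",
            "Tom & Jerry's",
            "already &lt; encoded"
        };
        for (String s : samples) {
            System.out.println(htmlEncode(s));
        }
    }
}
```

The last sample shows that encoding is not idempotent: text that is already encoded gets encoded again, so the call belongs at the point of output, applied exactly once.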

I believe 'Sun' ... sorry...'Oracle' should think of having this simple thing built-in.

What say folks?