Friday, August 28, 2009

No Built-In Response.HTMLEncode in Java

Why doesn't Java have a built-in HTMLEncode function?

With security vulnerabilities like Cross-Site Scripting (XSS) lurking around for so many years, I wonder why Java has not yet come up with its own function for encoding the characters that make XSS possible.

Developers have to rely on either writing their own functions to encode output and prevent XSS, or on using one of the available open-source encoding libraries.
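To show what such a hand-written function looks like, here is an added example (not code from the original post or from any library; the class and method names are the example's own). It encodes the characters that change meaning inside HTML element content and quoted attribute values, and renders the same page fragment with and without encoding so the difference is visible:

```java
/**
 * Minimal HTML entity encoder for untrusted text placed into HTML element
 * content or into a quoted attribute value. Added example: the class name
 * and method names are assumptions, not a JDK or library API.
 */
public final class HtmlEncode {

    private HtmlEncode() {}

    /** Encode the characters that change meaning in an HTML context. */
    public static String encode(String untrusted) {
        if (untrusted == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                // &apos; is not defined in HTML 4, so use the numeric form
                case '\'': out.append("&#x27;"); break;
                // the slash ends a tag name in some contexts; encoding it is harmless
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Render the same fragment with and without encoding, for comparison. */
    public static void main(String[] args) {
        // Constructed sample input: what a visitor might type into a "name" field.
        String name = "<script>alert(1)</script>";

        // Vulnerable: untrusted text concatenated straight into the markup.
        String unsafe = "<p>Hello, " + name + "!</p>";

        // Fixed: the same text encoded before it reaches the HTML.
        String safe = "<p>Hello, " + encode(name) + "!</p>";

        System.out.println("unsafe: " + unsafe);
        System.out.println("safe:   " + safe);
    }
}
```

Note that this encoder is only correct for the two contexts named above (element content and a quoted attribute value). Text inserted into a JavaScript block, a URL, or a CSS rule needs a different encoding for that context, which is one reason the open-source libraries the post mentions ship several encoders rather than one.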

I believe 'Sun'... sorry, 'Oracle'... should think about having this simple thing built in.

What say you, folks?

2 comments:

  1. I haven't worked in Java for about 2 years, but yes, I do agree that Java (Oracle) should have more standard APIs that will help users be more careful about the basic security of their web apps.
