To escape from Cross-Site Scripting attacks I have to sanitize HTML content.
Previously I used the ESAPI encoder's canonicalize like this:
ESAPI.encoder().canonicalize(content);
The last update on this project was 3 years ago, so I wanted to update to their new project, the "OWASP Encoder Project",
but I didn't find a way to use it so that I can sanitize my content.
For example, previously when I ran the canonicalize method on content like "%3Cscript%3E" I would get back "<script>",
but now, no matter which encoder I use, it just doesn't do the same job. Maybe I missed something?
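The two libraries do different jobs, which is why the OWASP Java Encoder never turns "%3Cscript%3E" into "<script>": ESAPI's canonicalize decodes input (URL, HTML-entity and other encodings) so that validation sees the real characters, whereas the OWASP Java Encoder only encodes untrusted data at output time for a specific HTML/JavaScript context. The following is an added illustration, not code from either poster or from either OWASP project. It assumes the org.owasp.encoder:encoder Maven artifact is on the classpath and Java 10 or newer (for the URLDecoder Charset overload); the decode step uses plain java.net.URLDecoder as a stand-in for the URL-decoding part of what canonicalize did, and the class and method names are mine.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import org.owasp.encoder.Encode;

public class DecodeThenEncodeDemo {

    // Input side: undo URL encoding so validation rules run on the real characters.
    // This is only the URL-decoding part of ESAPI's canonicalize (assumption: a stand-in,
    // not an equivalent). Note that URLDecoder also maps '+' to a space.
    static String decodeForValidation(String raw) {
        return URLDecoder.decode(raw, StandardCharsets.UTF_8);
    }

    // Very small example validation rule (constructed for this demo): reject
    // anything that would introduce a tag after decoding.
    static boolean looksLikeMarkup(String decoded) {
        return decoded.indexOf('<') >= 0 || decoded.indexOf('>') >= 0;
    }

    // Output side: the OWASP Java Encoder's job. Pick the encoder for the place
    // the value lands in the page; the same string needs different encodings
    // in element content, in an attribute value and inside a script.
    static String renderInHtmlBody(String untrusted) {
        return Encode.forHtml(untrusted);            // "<script>" -> "&lt;script&gt;"
    }

    static String renderInHtmlAttribute(String untrusted) {
        return Encode.forHtmlAttribute(untrusted);   // safe inside quoted attribute values
    }

    static String renderInJavaScriptString(String untrusted) {
        return Encode.forJavaScript(untrusted);      // safe inside a JS string literal
    }

    public static void main(String[] args) {
        // Constructed sample input, the same one the question uses.
        String raw = "%3Cscript%3E";

        String decoded = decodeForValidation(raw);
        System.out.println("decoded  : " + decoded);                 // <script>
        System.out.println("markup?  : " + looksLikeMarkup(decoded)); // true

        // Even if validation let it through, output encoding stops it from
        // becoming a tag in the rendered page.
        System.out.println("body     : " + renderInHtmlBody(decoded));
        System.out.println("attribute: " + renderInHtmlAttribute(decoded));
        System.out.println("js string: " + renderInJavaScriptString(decoded));
    }
}
```

The practical consequence for the question: keep a decode/canonicalize step (ESAPI's, or the JDK decoders) where input is validated, and use the OWASP Java Encoder where the value is written into HTML or JavaScript; neither library replaces the other.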
The ESAPI 2.2.0.0-RC2 release is already available; give it a try. The RC3 release should be available in the next couple of days. (I'm just waiting on some comments from fellow ESAPI contributors at this point.) I am anticipating the 2.2.0.0 release to be out before the end of June 2019. We never actually stopped supporting it; it just took forever to figure out how to do the Maven magic to get the releases uploaded correctly.
-Kevin Wall, ESAPI project co-leader