I need to use Encode.forHtml() in a JS file. I'm using the jar recommended by OWASP, encoder-1.2.jar, and I'm following the details given on this page: https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project
Here all the examples are shown with scriptlets. I know scriptlets can be used only in JSP, but I want to use Encode.forHtml() in a JS file. So can someone please help me and explain how I can use it in a JS file?
I tried the following but it didn't work
PS: There is no problem with the jar. I used Encode.forHtml() from a script written inside the JSP and it works fine. I have also imported the jar to the JSP
<%@page import="org.owasp.encoder.Encode" %>
This is the script inside the JSP (this is working fine)
I need to know how to write that without the scriptlet in a js file.
If you want to insert untrusted data into an HTML element, you can assign it to .innerText or .textContent (depending on browser).
document.getElementById(<someid>).textContent = response
However, if you want to support HTML in the response, but you don't want it to be able to run code, you can use DOMPurify to sanitize the response and make static HTML out of it.
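An added example, not part of the original answer or of the OWASP project: the text-node approach described above applied to a list of untrusted strings, plus a hand-written entity encoder for the case where an HTML string has to be built in a .js file. The names `renderComments`, `encodeForHtml` and the element id `comments` are hypothetical, and the sample input is constructed.

```javascript
// Added example. All names here are hypothetical; `doc` is the browser's
// `document`, passed in as a parameter so the function has no hidden globals.

// Preferred: put untrusted text into text nodes. The browser never parses
// the value as markup, so no encoding step is needed at all.
function renderComments(doc, container, comments) {
  container.textContent = "";            // drop whatever was rendered before
  for (const comment of comments) {
    const li = doc.createElement("li");
    li.textContent = String(comment);    // stored as text, not as HTML
    container.appendChild(li);
  }
  return container;
}

// Fallback for code that must build an HTML string (for example a template):
// encode the five characters that matter in element content and in quoted
// attribute values. Hand-written; this is NOT the OWASP Java Encoder and it
// is not safe for script, style or URL contexts.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&#34;",
  "'": "&#39;",
};

function encodeForHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed sample of an untrusted response containing markup and quotes.
const SAMPLE_RESPONSE = `<b title="x">Tom & Jerry's</b>`;

// In a browser, render the sample into <ul id="comments"> (hypothetical id).
if (typeof document !== "undefined") {
  const list = document.getElementById("comments");
  if (list) {
    renderComments(document, list, [SAMPLE_RESPONSE]);
  }
}
```

With `renderComments` the sample shows up on the page as literal text; `encodeForHtml` is only needed when the value is concatenated into markup that is later assigned to `innerHTML`.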