Reputation: 601
problem in using ESAPI library for XSS prevention
I am trying to prevent XSS attacks in my website for this i am using OWASP ESAPI library .I added jar for this library in classpath and I am getting following error .
Attempting to load ESAPI.properties via file io.
Attempting to load ESAPI.properties via file io.
Not found in 'org.owasp.esapi.resources' directory or file not readable: F:\eclipse\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Not found in 'user.home' directory: C:\Users\juzer.esapi\ESAPI.properties
Loading ESAPI.properties via file io failed.
Attempting to load ESAPI.properties via the classpath.
ESAPI.properties could not be loaded by any means. fail.
Thanks
Upvotes: 3
Views: 5866
Answers (2)
Reputation: 2111
Try adding ESAPI.properties and antisamy-esapi.xml to your "your web app"/src/java directory. When you build, it will be added to your classpath at "your web app"/build/web/WEB-INF/classes
Upvotes: 0
Reputation: 31
Like the error suggests, you are missing ESAPI.properties. It needs to be in your classpath. After you deploy, make sure you can find it in WEB-INF/classes.
Here is an example of ESAPI.properties.
Upvotes: 3
Related Questions
- Fixing Cross site scripting vulnerability in java using OWASP
- prevent XSS attacks In JSPs
- ESAPI for XSS prevention not working
- How to add whitelist of tags for Java ESAPI
- Java ESAPI IMPLEMENTATION
- antisamy-esapi.xml not found when trying to use OWASP ESAPI
- Getting antisamy-esapi.xml not found exception while trying to use OWASP ESAPI library
- Preventing DOM based XSS using ESAPI
- ESAPI XSS prevention for user supplied url property
- How to implement Java ESAPI for preventing XSS?