Not sure you understand what @Encoded does. It just means you want the
RAW parameter. For example /Hello World must be encoded as
/Hello%20World
So, if you had /{text}

    @PathParam("text") String decoded,
    @Encoded @PathParam("text") String encoded

    decoded = Hello World
    encoded = Hello%20World
If you are worried about XSS, then you should probably:
a) Not have REST services that output application/javascript
b) Implement CORS in your app.
On 12/10/2013 6:48 AM, John D. Ament wrote:
Hi all,
Wanted to get your opinions. What is the right time to use @Encoded?
Purely from a security scan standpoint, a number of places in my
code were picked up for XSS, and I'm wondering if annotating these
endpoints with @Encoded would help.
John
___
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
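
An added example, not part of the original thread and not RESTEasy code: it uses the JDK's java.net.URI to mirror the two views of a /{text} segment described above, and shows that the raw form is only transport encoding, so a value written into an HTML response still has to be escaped for that context. The class and helper names are hypothetical and the request paths are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration; class and method names are hypothetical.
public class EncodedParamDemo {

    // The view @Encoded asks for: the segment exactly as sent on the wire.
    static String rawText(URI uri) {
        return uri.getRawPath().substring(1);
    }

    // The view a plain @PathParam gets: percent-escapes decoded.
    static String decodedText(URI uri) {
        return uri.getPath().substring(1);
    }

    // Minimal escaper for HTML element content and quoted attribute values
    // (assumption: the response body is HTML).
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample request paths for a /{text} resource.
        String[] paths = { "/Hello%20World", "/%3Ci%3EHello%20World%3C%2Fi%3E" };
        for (String p : paths) {
            URI uri = new URI(p);
            System.out.println("encoded (@Encoded) : " + rawText(uri));
            System.out.println("decoded (default)  : " + decodedText(uri));
            // Escape for the output context at the point of writing the response.
            System.out.println("safe for HTML body : " + escapeHtml(decodedText(uri)));
            System.out.println();
        }
    }
}
```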