With OWASP demoting Java ESAPI from a flagship project and all of the discussion and uncertainty revolving around the library, I'd like to see what alternatives are available. I currently utilize ESAPI for input validation, HTML/JS/etc encoding and CSRF. I've looked around and found libraries such as OVal, Vlad and others, but have not found an inclusive library that handles the previous 3 items all-inclusive. I'd also like it to be externally "configurable" for the rules as well if possible (as ESAPI is).
Do you have any recommendations to handle Java input/bean validation, HTML/JS encoding and CSRF token utilization? Either open source or commercial.
If you are using some of the following web frameworks, Spring MVC, Grails, Struts 1, Struts 2, JSF, take a look to HDIV
You can see the differece between HDIV and ESAPI features at: Difference between HDIV and ESAPI