Java bean validation alternatives to OWASP ESAPI


With OWASP demoting Java ESAPI from a flagship project and all of the discussion and uncertainty revolving around the library, I'd like to see what alternatives are available. I currently utilize ESAPI for input validation, HTML/JS/etc. encoding and CSRF. I've looked around and found libraries such as OVal, Vlad and others, but have not found an inclusive library that handles the previous 3 items all-inclusive. I'd also like it to be externally "configurable" for the rules as well if possible (as ESAPI is).

Do you have any recommendations to handle Java input/bean validation, HTML/JS encoding and CSRF token utilization? Either open source or commercial.

rbelasko (best answer)

If you are using any of the following web frameworks (Spring MVC, Grails, Struts 1, Struts 2, JSF), take a look at HDIV.

You can see the difference between HDIV and ESAPI features at: Difference between HDIV and ESAPI