{"library":"node-esapi","title":"OWASP ESAPI Encoder for Node.js","description":"node-esapi is a minimal port of the OWASP Enterprise Security API for JavaScript (ESAPI4JS) encoder, adapted for use in Node.js environments. Published as version 0.0.1, it primarily offers functions for various output encoding contexts such as HTML, CSS, JavaScript, URL, HTML attributes, and Base64, aiming to mitigate Cross-Site Scripting (XSS) and other injection vulnerabilities. The package appears to have been developed around 2014, given its copyright, and has not seen subsequent releases or updates, indicating it is no longer actively maintained. While ESAPI was historically a key project for security, current best practices often recommend highly contextual encoding provided by templating engines or dedicated, well-maintained security libraries tailored to specific frameworks, rather than a generic, standalone encoder like this unmaintained port. Its core differentiator was being an OWASP-backed security utility, but its current state makes it unsuitable for modern applications.","language":"javascript","status":"abandoned","last_verified":"Sun Apr 19","install":{"commands":["npm install node-esapi"],"cli":null},"imports":["const ESAPI = require('node-esapi');","const encoder = ESAPI.encoder();","app.use(ESAPI.middleware());"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"const ESAPI = require('node-esapi');\n\n// Get an encoder instance\nconst encoder = ESAPI.encoder();\n\n// Example of HTML encoding\nconst userInput = '<script>alert(\"XSS!\")</script>';\nconst encodedHTML = encoder.encodeForHTML(userInput);\nconsole.log('Encoded for HTML:', encodedHTML);\n\n// Example of JavaScript encoding\nconst jsInput = \"hello' + world\";\nconst encodedJS = encoder.encodeForJS(jsInput);\nconsole.log('Encoded for JavaScript:', encodedJS);\n\n// Example of URL encoding\nconst urlInput = 'http://example.com?param=value with spaces';\nconst encodedURL = encoder.encodeForURL(urlInput);\nconsole.log('Encoded for URL:', encodedURL);","lang":"javascript","description":"Demonstrates basic usage of the ESAPI encoder to mitigate common injection vulnerabilities by encoding input for different contexts like HTML, JavaScript, and URLs.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}