authorAndrew Vuong <akvuong@google.com>2023-03-13 22:54:17 +0000
committerAndrew Vuong <akvuong@google.com>2023-03-13 23:11:44 +0000
commit3566f560590f91ac4e11b6b7494c9a4831804c3f (patch)
tree80cc17f224771b06e037f182dde7fc0fa2276511 /jsp/src/main
parent465c7ff7095d67b23f9c59ab117a41db03b58a0d (diff)
parent6309c0ad5d5a339f41dfa94384930f630d46bc4a (diff)
Initial import of owasp-java-encoder from upstream main
Bug: 262898801 Test: mma Change-Id: I89d97ac6be9533b10d9add01706d59260b686cdd
Diffstat (limited to 'jsp/src/main')
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/EncodingTag.java57
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForCDATATag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForCssStringTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForCssUrlTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForHtmlAttributeTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForHtmlContentTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForHtmlTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForHtmlUnquotedAttributeTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptAttributeTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptBlockTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptSourceTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForUriComponentTag.java53
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForUriTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForXmlAttributeTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForXmlCommentTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForXmlContentTag.java52
-rw-r--r--jsp/src/main/java/org/owasp/encoder/tag/ForXmlTag.java52
-rw-r--r--jsp/src/main/resources/META-INF/LICENSE33
-rw-r--r--jsp/src/main/resources/META-INF/java-encoder-advanced.tld560
-rw-r--r--jsp/src/main/resources/META-INF/java-encoder.tld403
21 files changed, 1938 insertions, 0 deletions
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/EncodingTag.java b/jsp/src/main/java/org/owasp/encoder/tag/EncodingTag.java
new file mode 100644
index 0000000..ef9b482
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/EncodingTag.java
@@ -0,0 +1,57 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import javax.servlet.jsp.tagext.SimpleTagSupport;
+
+/**
+ * The base class for the encoding tags within this package.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public abstract class EncodingTag extends SimpleTagSupport {
+ /**
+ * The value to be written out by the tag.
+ */
+ protected String _value;
+ /**
+ * Sets the value to be written out by the tag.
+ * @param value the value to be written out by the tag.
+ */
+ public void setValue(String value) {
+ this._value = value;
+ }
+
+}
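Review bot: `_value` in EncodingTag is never initialised and `setValue` accepts null, so a subclass's doTag can hand null to the encoder; the field's Javadoc should say so. Whether the `value` attribute is mandatory is decided in the .tld files, which this hunk does not show, so the class itself gives no guarantee. I would extend the field comment to `The value to be written out by the tag; {@code null} until {@link #setValue(String)} is called.` and note on setValue that the string is stored unencoded and is only encoded when the subclass writes it. Making the field private behind a protected getter would also stop subclasses from reassigning it, though that departs from the upstream API.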
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForCDATATag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForCDATATag.java
new file mode 100644
index 0000000..23db285
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForCDATATag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform encoding sufficient to place into a CDATA block.
+ * This wraps the {@link org.owasp.encoder.Encode#forCDATA(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForCDATATag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forCDATA(getJspContext().getOut(), _value);
+ }
+}
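Review bot: The class Javadoc of ForCDATATag links `Encode#forCDATA(java.lang.String)`, but doTag calls the two-argument overload that writes to `getJspContext().getOut()`; the link should be `{@link org.owasp.encoder.Encode#forCDATA(java.io.Writer, java.lang.String)}`. The same mismatch appears in the other tag classes in this diff (ForCssStringTag, ForCssUrlTag, the ForHtml* tags and the ForJavaScript* tags). doTag itself has no Javadoc; a one-line `/** Writes the CDATA-encoded value to the page's JspWriter. */` would say where the output goes and that the IOException comes from that writer.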
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForCssStringTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForCssStringTag.java
new file mode 100644
index 0000000..e6edb5e
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForCssStringTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform CSS encoding for CSS strings.
+ * This wraps the {@link org.owasp.encoder.Encode#forCssString(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForCssStringTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forCssString(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForCssUrlTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForCssUrlTag.java
new file mode 100644
index 0000000..673a975
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForCssUrlTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform CSS encoding for CSS URL contexts.
+ * This wraps the {@link org.owasp.encoder.Encode#forCssUrl(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForCssUrlTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forCssUrl(getJspContext().getOut(), _value);
+ }
+}
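Review bot: The Javadoc on ForCssUrlTag says only that it encodes for CSS URL contexts and does not say that encoding is not validation. doTag passes `_value` straight to `Encode.forCssUrl`, so nothing in this class checks what the URL points at; presumably the encoder only escapes characters that would break out of `url(...)`, which should be confirmed against Encode's documentation. I would add a sentence such as `The value is escaped, not validated; callers must check the scheme and host of untrusted URLs before using this tag.`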
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlAttributeTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlAttributeTag.java
new file mode 100644
index 0000000..866b933
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlAttributeTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform HTML encoding for HTML text attributes.
+ * This wraps the {@link org.owasp.encoder.Encode#forHtmlAttribute(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForHtmlAttributeTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forHtmlAttribute(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlContentTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlContentTag.java
new file mode 100644
index 0000000..9ebf3c7
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlContentTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform HTML encoding for text content.
+ * This wraps the {@link org.owasp.encoder.Encode#forHtmlContent(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForHtmlContentTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forHtmlContent(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlTag.java
new file mode 100644
index 0000000..71c7d73
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform HTML encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forHtml(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForHtmlTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forHtml(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlUnquotedAttributeTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlUnquotedAttributeTag.java
new file mode 100644
index 0000000..5b895f9
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlUnquotedAttributeTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform HTML Attribute encoding for an unquoted attribute.
+ * This wraps the {@link org.owasp.encoder.Encode#forHtmlUnquotedAttribute(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForHtmlUnquotedAttributeTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forHtmlUnquotedAttribute(getJspContext().getOut(), _value);
+ }
+}
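Review bot: ForHtmlUnquotedAttributeTag's Javadoc does not tell a JSP author when to pick it over ForHtmlAttributeTag, and confusing the two is the realistic mistake here. Unquoted attribute values end at whitespace and several other characters, so this encoder has to escape a wider set than the quoted-attribute one, and output from the quoted encoder placed in an unquoted attribute would not be safe. I would add `Use only where the attribute value cannot be quoted; prefer quoting the attribute and using ForHtmlAttributeTag.` to the class comment.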
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptAttributeTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptAttributeTag.java
new file mode 100644
index 0000000..71ff6b6
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptAttributeTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform JavaScript Attribute encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forJavaScriptAttribute(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForJavaScriptAttributeTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forJavaScriptAttribute(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptBlockTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptBlockTag.java
new file mode 100644
index 0000000..439f963
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptBlockTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform JavaScript Block encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forJavaScriptBlock(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForJavaScriptBlockTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forJavaScriptBlock(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptSourceTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptSourceTag.java
new file mode 100644
index 0000000..4b6b3b1
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptSourceTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform JavaScript Source encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forJavaScriptSource(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForJavaScriptSourceTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forJavaScriptSource(getJspContext().getOut(), _value);
+ }
+}
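Review bot: The four JavaScript tags (ForJavaScriptTag, ForJavaScriptAttributeTag, ForJavaScriptBlockTag and this ForJavaScriptSourceTag) carry one-line Javadocs that do not say which output location each is meant for. As far as I know from the Encode documentation, the source variant is intended for standalone .js output and is not safe inside an HTML `<script>` block or an event-handler attribute, and all four produce content for the inside of a quoted string literal; that should be confirmed against Encode and then stated here. A line such as `For JavaScript source files only; not for script blocks or attributes embedded in HTML.` on this class, with the matching context on the other three, would keep authors from choosing by name alone.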
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptTag.java
new file mode 100644
index 0000000..c3edc17
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform JavaScript encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forJavaScript(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForJavaScriptTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forJavaScript(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForUriComponentTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForUriComponentTag.java
new file mode 100644
index 0000000..ab1552e
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForUriComponentTag.java
@@ -0,0 +1,53 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag that performs percent-encoding for a component of a URI, such as a query
+ * parameter name or value, path, or query-string.
+ * This wraps the {@link org.owasp.encoder.Encode#forUriComponent(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForUriComponentTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forUriComponent(getJspContext().getOut(), _value);
+ }
+}
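Review bot: The class Javadoc links `Encode#forUriComponent(java.lang.String)`, but `doTag()` calls the two-argument overload that writes to `getJspContext().getOut()`, so the link points at a method this class never invokes. I would change it to `{@link org.owasp.encoder.Encode#forUriComponent(java.io.Writer, java.lang.String)}`. The ForUriTag, ForXmlAttributeTag and ForXmlTag hunks below have the same mismatch with their own encoder names. `doTag()` itself has no Javadoc; a one-line `/** Writes the percent-encoded value to the JSP output. */` would be enough. How a null `_value` is handled cannot be seen from this hunk, since EncodingTag is outside this part of the diff, and it deserves a sentence in the Javadoc once confirmed.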
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForUriTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForUriTag.java
new file mode 100644
index 0000000..9b975f5
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForUriTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform percent-encoding of a URL according to RFC 3986.
+ * This wraps the {@link org.owasp.encoder.Encode#forUri(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForUriTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forUri(getJspContext().getOut(), _value);
+ }
+}
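Review bot: The Javadoc for ForUriTag leaves out the caveat that the tag descriptor in this same commit gives for forUri: percent-encoding does not check the URL itself, so a `javascript:` URL supplied by a user is encoded "properly" and still executes. JSP authors are more likely to read the class Javadoc than the .tld, so the warning belongs here as well. I would add a sentence such as `This tag does not validate the URL or its scheme; untrusted URLs must be validated by the caller before they are passed in.`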
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForXmlAttributeTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForXmlAttributeTag.java
new file mode 100644
index 0000000..e2820d9
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForXmlAttributeTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform XML Attribute Encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forXmlAttribute(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForXmlAttributeTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forXmlAttribute(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForXmlCommentTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForXmlCommentTag.java
new file mode 100644
index 0000000..fd3e0d5
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForXmlCommentTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform XML Comment Encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forXmlAttribute(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForXmlCommentTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forXmlComment(getJspContext().getOut(), _value);
+ }
+}
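Review bot: The Javadoc link in ForXmlCommentTag names `Encode#forXmlAttribute(java.lang.String)`, while `doTag()` calls `Encode.forXmlComment(...)`; this looks like a copy-paste from ForXmlAttributeTag. The link should read `{@link org.owasp.encoder.Encode#forXmlComment(java.lang.String)}`. ForXmlContentTag in the next hunk has the same wrong link and should point at `Encode#forXmlContent(java.lang.String)`. Because each encoder is safe only for its own output context, a reader following the wrong link would land on the rules for a different context. The descriptor's warning that this encoder is not for (X)HTML comments is also worth repeating in the class Javadoc.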
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForXmlContentTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForXmlContentTag.java
new file mode 100644
index 0000000..c5540ef
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForXmlContentTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform XML Content Encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forXmlAttribute(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForXmlContentTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forXmlContent(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/java/org/owasp/encoder/tag/ForXmlTag.java b/jsp/src/main/java/org/owasp/encoder/tag/ForXmlTag.java
new file mode 100644
index 0000000..ea9ebea
--- /dev/null
+++ b/jsp/src/main/java/org/owasp/encoder/tag/ForXmlTag.java
@@ -0,0 +1,52 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder.tag;
+
+import java.io.IOException;
+import javax.servlet.jsp.JspException;
+import org.owasp.encoder.Encode;
+
+/**
+ * A tag to perform XML Encoding.
+ * This wraps the {@link org.owasp.encoder.Encode#forXml(java.lang.String)}.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class ForXmlTag extends EncodingTag {
+ @Override
+ public void doTag() throws JspException, IOException {
+ Encode.forXml(getJspContext().getOut(), _value);
+ }
+}
diff --git a/jsp/src/main/resources/META-INF/LICENSE b/jsp/src/main/resources/META-INF/LICENSE
new file mode 100644
index 0000000..f66c375
--- /dev/null
+++ b/jsp/src/main/resources/META-INF/LICENSE
@@ -0,0 +1,33 @@
+Copyright (c) 2015 Jeff Ichnowski
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+ * Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ * Neither the name of the OWASP nor the names of its
+ contributors may be used to endorse or promote products
+ derived from this software without specific prior written
+ permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file
diff --git a/jsp/src/main/resources/META-INF/java-encoder-advanced.tld b/jsp/src/main/resources/META-INF/java-encoder-advanced.tld
new file mode 100644
index 0000000..becab48
--- /dev/null
+++ b/jsp/src/main/resources/META-INF/java-encoder-advanced.tld
@@ -0,0 +1,560 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<taglib version="2.1" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <display-name>OWASP Java Encoder Project</display-name>
+ <tlib-version>1.0</tlib-version>
+ <short-name>java-encoder</short-name>
+ <uri>https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#advanced</uri>
+ <tag>
+ <description>
+ Encodes data for an XML CDATA section. On the chance that the input
+ contains a terminating
+ &quot;]]&amp;gt;&quot;, it will be replaced by
+ &amp;quot;]]&amp;gt;]]&amp;lt;![CDATA[&amp;gt;&amp;quot;.
+ As with all XML contexts, characters that are invalid according to the
+ XML specification will be replaced by a space character. Caller must
+ provide the CDATA section boundaries.
+ </description>
+ <display-name>forCDATA</display-name>
+ <name>forCDATA</name>
+ <tag-class>org.owasp.encoder.tag.ForCDATATag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>The value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ This method encodes for HTML text content. It does not escape
+ quotation characters and is thus unsafe for use with
+ HTML attributes. Use either forHtml or forHtmlAttribute for those
+ methods.
+ </description>
+ <display-name>forHtmlContent</display-name>
+ <name>forHtmlContent</name>
+ <tag-class>org.owasp.encoder.tag.ForHtmlContentTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>Encodes for XML and XHTML attribute content.</description>
+ <display-name>forXmlAttribute</display-name>
+ <name>forXmlAttribute</name>
+ <tag-class>org.owasp.encoder.tag.ForXmlAttributeTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>Encodes for XML and XHTML.</description>
+ <display-name>forXml</display-name>
+ <name>forXml</name>
+ <tag-class>org.owasp.encoder.tag.ForXmlTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for a JavaScript string. It is safe for use in HTML
+ script attributes (such as onclick), script
+ blocks, JSON files, and JavaScript source. The caller MUST
+ provide the surrounding quotation characters for the string.
+ Since this performs additional encoding so it can work in all
+ of the JavaScript contexts listed, it may be slightly less
+ efficient then using one of the methods targetted to a specific
+ JavaScript context: forJavaScriptAttribute,
+ forJavaScriptBlock, or forJavaScriptSource.
+
+ Unless you are interested in saving a few bytes of output or
+ are writing a framework on top of this library, it is recommend
+ that you use this method over the others.
+ </description>
+ <display-name>forJavaScript</display-name>
+ <name>forJavaScript</name>
+ <tag-class>org.owasp.encoder.tag.ForJavaScriptTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ This method encodes for JavaScript strings contained within
+ HTML script attributes (such as onclick). It is
+ NOT safe for use in script blocks. The caller MUST provide the
+ surrounding quotation characters. This method performs the
+ same encode as Encode.forJavaScript(String) with the
+ exception that / is not escaped.
+ </description>
+ <display-name>forJavaScriptAttribute</display-name>
+ <name>forJavaScriptAttribute</name>
+ <tag-class>org.owasp.encoder.tag.ForJavaScriptAttributeTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ This method encodes for JavaScript strings contained within
+ HTML script blocks. It is NOT safe for use in script
+ attributes (such as onclick). The caller must
+ provide the surrounding quotation characters. This method
+ performs the same encode as Encode.forJavaScript(String)} with
+ the exception that " and ' are encoded as \" and \' respectively.
+ </description>
+ <display-name>forJavaScriptBlock</display-name>
+ <name>forJavaScriptBlock</name>
+ <tag-class>org.owasp.encoder.tag.ForJavaScriptBlockTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ This method encodes for JavaScript strings contained within
+ a JavaScript or JSON file. This method is NOT safe for
+ use in ANY context embedded in HTML. The caller must
+ provide the surrounding quotation characters. This method
+ performs the same encode as Encode.forJavaScript(String) with
+ the exception that / and &amp; are not escaped and " and ' are
+ encoded as \" and \' respectively.
+ </description>
+ <display-name>forJavaScriptSource</display-name>
+ <name>forJavaScriptSource</name>
+ <tag-class>org.owasp.encoder.tag.ForJavaScriptSourceTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for unquoted HTML attribute values. forHtml(String) or
+ forHtmlAttribute(String) should usually be preferred over this
+ method as quoted attributes are XHTML compliant.
+ </description>
+ <display-name>forHtmlUnquotedAttribute</display-name>
+ <name>forHtmlUnquotedAttribute</name>
+ <tag-class>org.owasp.encoder.tag.ForHtmlUnquotedAttributeTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Performs percent-encoding of a URL according to RFC 3986. The provided
+ URL is assumed to a valid URL. This method does not do any checking on
+ the quality or safety of the URL itself. In many applications it may
+ be better to use java.net.URI instead. Note: this is a
+ particularly dangerous context to put untrusted content in, as for
+ example a "javascript:" URL provided by a malicious user would be
+ "properly" escaped, and still execute.
+ </description>
+ <display-name>forUri</display-name>
+ <name>forUri</name>
+ <tag-class>org.owasp.encoder.tag.ForUriTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for CSS URL contexts. The context must be surrounded by "url()". It
+ is safe for use in both style blocks and attributes in HTML. Note: this does
+ not do any checking on the quality or safety of the URL itself. The caller
+ should insure that the URL is safe for embedding (e.g. input validation) by
+ other means.
+ </description>
+ <display-name>forCssUrl</display-name>
+ <name>forCssUrl</name>
+ <tag-class>org.owasp.encoder.tag.ForCssUrlTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encoder for XML comments. NOT FOR USE WITH (X)HTML CONTEXTS.
+ (X)HTML comments may be interpreted by browsers as something
+ other than a comment, typically in vendor specific extensions
+ (e.g. &amp;lt;--if[IE]--&amp;gt;.
+ For (X)HTML it is recommend that unsafe content never be included
+ in a comment.
+ </description>
+ <display-name>forXmlComment</display-name>
+ <name>forXmlComment</name>
+ <tag-class>org.owasp.encoder.tag.ForXmlCommentTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>Encodes for HTML text attributes.</description>
+ <display-name>forHtmlAttribute</display-name>
+ <name>forHtmlAttribute</name>
+ <tag-class>org.owasp.encoder.tag.ForHtmlAttributeTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for (X)HTML text content and text attributes.
+ </description>
+ <display-name>forHtml</display-name>
+ <name>forHtml</name>
+ <tag-class>org.owasp.encoder.tag.ForHtmlTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for HTML text content. It does not escape
+ quotation characters and is thus unsafe for use with
+ HTML attributes. Use either forHtml or forHtmlAttribute for those
+ methods.
+ </description>
+ <display-name>forXmlContent</display-name>
+ <name>forXmlContent</name>
+ <tag-class>org.owasp.encoder.tag.ForXmlContentTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Performs percent-encoding for a component of a URI, such as a query
+ parameter name or value, path or query-string. In particular this
+ method insures that special characters in the component do not get
+ interpreted as part of another component.
+ </description>
+ <display-name>forUriComponent</display-name>
+ <name>forUriComponent</name>
+ <tag-class>org.owasp.encoder.tag.ForUriComponentTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for CSS strings. The context must be surrounded by quotation characters.
+ It is safe for use in both style blocks and attributes in HTML.
+ </description>
+ <display-name>forCssString</display-name>
+ <name>forCssString</name>
+ <tag-class>org.owasp.encoder.tag.ForCssStringTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <function>
+ <description>
+ Encodes for (X)HTML text content and text attributes.
+ </description>
+ <display-name>forHtml</display-name>
+ <name>forHtml</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forHtml(java.lang.String)</function-signature>
+ <example>forHtml(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ This method encodes for HTML text content. It does not escape
+ quotation characters and is thus unsafe for use with
+ HTML attributes. Use either forHtml or forHtmlAttribute for those
+ methods.
+ </description>
+ <display-name>forHtmlContent</display-name>
+ <name>forHtmlContent</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forHtmlContent(java.lang.String)</function-signature>
+ <example>forHtmlContent(unsafeData)</example>
+ </function>
+ <function>
+ <description>Encodes for HTML text attributes.</description>
+ <name>forHtmlAttribute</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forHtmlAttribute(java.lang.String)</function-signature>
+ <example>forHtmlAttribute(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for unquoted HTML attribute values. forHtml(String) or
+ forHtmlAttribute(String) should usually be preferred over this
+ method as quoted attributes are XHTML compliant.
+ </description>
+ <display-name>forHtmlUnquotedAttribute</display-name>
+ <name>forHtmlUnquotedAttribute</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forHtmlUnquotedAttribute(java.lang.String)</function-signature>
+ <example>forHtmlUnquotedAttribute(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for CSS strings. The context must be surrounded by quotation characters.
+ It is safe for use in both style blocks and attributes in HTML.
+ </description>
+ <display-name>forCssString</display-name>
+ <name>forCssString</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forCssString(java.lang.String)</function-signature>
+ <example>forCssString(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for CSS URL contexts. The context must be surrounded by "url()". It
+ is safe for use in both style blocks and attributes in HTML. Note: this does
+ not do any checking on the quality or safety of the URL itself. The caller
+ should insure that the URL is safe for embedding (e.g. input validation) by
+ other means.
+ </description>
+ <display-name>forCssUrl</display-name>
+ <name>forCssUrl</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forCssUrl(java.lang.String)</function-signature>
+ <example>forCssUrl(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Performs percent-encoding of a URL according to RFC 3986. The provided
+ URL is assumed to a valid URL. This method does not do any checking on
+ the quality or safety of the URL itself. In many applications it may
+ be better to use java.net.URI instead. Note: this is a
+ particularly dangerous context to put untrusted content in, as for
+ example a "javascript:" URL provided by a malicious user would be
+ "properly" escaped, and still execute.
+ </description>
+ <display-name>forUri</display-name>
+ <name>forUri</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forUri(java.lang.String)</function-signature>
+ <example>forUri(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Performs percent-encoding for a component of a URI, such as a query
+ parameter name or value, path or query-string. In particular this
+ method insures that special characters in the component do not get
+ interpreted as part of another component.
+ </description>
+ <display-name>forUriComponent</display-name>
+ <name>forUriComponent</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forUriComponent(java.lang.String)</function-signature>
+ <example>forUriComponent(unsafeData)</example>
+ </function>
+ <function>
+ <description>Encodes for XML and XHTML.</description>
+ <display-name>forXml</display-name>
+ <name>forXml</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forXml(java.lang.String)</function-signature>
+ <example>forXml(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for HTML text content. It does not escape
+ quotation characters and is thus unsafe for use with
+ HTML attributes. Use either forHtml or forHtmlAttribute for those
+ methods.
+ </description>
+ <display-name>forXmlContent</display-name>
+ <name>forXmlContent</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forXmlContent(java.lang.String)</function-signature>
+ <example>forXmlContent(unsafeData)</example>
+ </function>
+ <function>
+ <description>Encodes for XML and XHTML attribute content.</description>
+ <display-name>forXmlAttribute</display-name>
+ <name>forXmlAttribute</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forXmlAttribute(java.lang.String)</function-signature>
+ <example>forXmlAttribute(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encoder for XML comments. NOT FOR USE WITH (X)HTML CONTEXTS.
+ (X)HTML comments may be interpreted by browsers as something
+ other than a comment, typically in vendor specific extensions
+ (e.g. &amp;lt;--if[IE]--&amp;gt;.
+ For (X)HTML it is recommend that unsafe content never be included
+ in a comment.
+ </description>
+ <name>forXmlComment</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forXmlComment(java.lang.String)</function-signature>
+ <example>forXmlComment(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes data for an XML CDATA section. On the chance that the input
+ contains a terminating
+ &quot;]]&amp;gt;&quot;, it will be replaced by
+ &amp;quot;]]&amp;gt;]]&amp;lt;![CDATA[&amp;gt;&amp;quot;.
+ As with all XML contexts, characters that are invalid according to the
+ XML specification will be replaced by a space character. Caller must
+ provide the CDATA section boundaries.
+ </description>
+ <display-name>forCDATA</display-name>
+ <name>forCDATA</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forCDATA(java.lang.String)</function-signature>
+ <example>forCDATA(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for a JavaScript string. It is safe for use in HTML
+ script attributes (such as onclick), script
+ blocks, JSON files, and JavaScript source. The caller MUST
+ provide the surrounding quotation characters for the string.
+ Since this performs additional encoding so it can work in all
+ of the JavaScript contexts listed, it may be slightly less
+ efficient then using one of the methods targetted to a specific
+ JavaScript context: forJavaScriptAttribute,
+ forJavaScriptBlock, or forJavaScriptSource.
+
+ Unless you are interested in saving a few bytes of output or
+ are writing a framework on top of this library, it is recommend
+ that you use this method over the others.
+ </description>
+ <display-name>forJavaScript</display-name>
+ <name>forJavaScript</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forJavaScript(java.lang.String)</function-signature>
+ <example>forJavaScript(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ This method encodes for JavaScript strings contained within
+ HTML script attributes (such as onclick). It is
+ NOT safe for use in script blocks. The caller MUST provide the
+ surrounding quotation characters. This method performs the
+ same encode as Encode.forJavaScript(String) with the
+ exception that / is not escaped.
+ </description>
+ <display-name>forJavaScriptAttribute</display-name>
+ <name>forJavaScriptAttribute</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forJavaScriptAttribute(java.lang.String)</function-signature>
+ <example>forJavaScriptAttribute(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ This method encodes for JavaScript strings contained within
+ HTML script blocks. It is NOT safe for use in script
+ attributes (such as onclick). The caller must
+ provide the surrounding quotation characters. This method
+ performs the same encode as Encode.forJavaScript(String)} with
+ the exception that " and ' are encoded as \" and \' respectively.
+ </description>
+ <display-name>forJavaScriptBlock</display-name>
+ <name>forJavaScriptBlock</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forJavaScriptBlock(java.lang.String)</function-signature>
+ <example>forJavaScriptBlock(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ This method encodes for JavaScript strings contained within
+ a JavaScript or JSON file. This method is NOT safe for
+ use in ANY context embedded in HTML. The caller must
+ provide the surrounding quotation characters. This method
+ performs the same encode as Encode.forJavaScript(String) with
+ the exception that / and &amp; are not escaped and " and ' are
+ encoded as \" and \' respectively.
+ </description>
+ <display-name>forJavaScriptSource</display-name>
+ <name>forJavaScriptSource</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forJavaScriptSource(java.lang.String)</function-signature>
+ <example>
+ &lt;%@page contentType="text/javascript; charset=UTF-8"%>
+ var data = '${forJavaScriptSource(unsafeData)}';
+ </example>
+ </function>
+</taglib> \ No newline at end of file
diff --git a/jsp/src/main/resources/META-INF/java-encoder.tld b/jsp/src/main/resources/META-INF/java-encoder.tld
new file mode 100644
index 0000000..b761de0
--- /dev/null
+++ b/jsp/src/main/resources/META-INF/java-encoder.tld
@@ -0,0 +1,403 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<taglib version="2.1" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <display-name>OWASP Java Encoder Project</display-name>
+ <tlib-version>1.0</tlib-version>
+ <short-name>java-encoder</short-name>
+ <uri>https://www.owasp.org/index.php/OWASP_Java_Encoder_Project</uri>
+ <tag>
+ <description>
+ Encodes data for an XML CDATA section. On the chance that the input
+ contains a terminating
+ &quot;]]&amp;gt;&quot;, it will be replaced by
+ &amp;quot;]]&amp;gt;]]&amp;lt;![CDATA[&amp;gt;&amp;quot;.
+ As with all XML contexts, characters that are invalid according to the
+ XML specification will be replaced by a space character. Caller must
+ provide the CDATA section boundaries.
+ </description>
+ <display-name>forCDATA</display-name>
+ <name>forCDATA</name>
+ <tag-class>org.owasp.encoder.tag.ForCDATATag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>The value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ This method encodes for HTML text content. It does not escape
+ quotation characters and is thus unsafe for use with
+ HTML attributes. Use either forHtml or forHtmlAttribute for those
+ methods.
+ </description>
+ <display-name>forHtmlContent</display-name>
+ <name>forHtmlContent</name>
+ <tag-class>org.owasp.encoder.tag.ForHtmlContentTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>Encodes for XML and XHTML attribute content.</description>
+ <display-name>forXmlAttribute</display-name>
+ <name>forXmlAttribute</name>
+ <tag-class>org.owasp.encoder.tag.ForXmlAttributeTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>Encodes for XML and XHTML.</description>
+ <display-name>forXml</display-name>
+ <name>forXml</name>
+ <tag-class>org.owasp.encoder.tag.ForXmlTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for a JavaScript string. It is safe for use in HTML
+ script attributes (such as onclick), script
+ blocks, JSON files, and JavaScript source. The caller MUST
+ provide the surrounding quotation characters for the string.
+ Since this performs additional encoding so it can work in all
+ of the JavaScript contexts listed, it may be slightly less
+ efficient then using one of the methods targetted to a specific
+ JavaScript context: forJavaScriptAttribute,
+ forJavaScriptBlock, or forJavaScriptSource.
+
+ Unless you are interested in saving a few bytes of output or
+ are writing a framework on top of this library, it is recommend
+ that you use this method over the others.
+ </description>
+ <display-name>forJavaScript</display-name>
+ <name>forJavaScript</name>
+ <tag-class>org.owasp.encoder.tag.ForJavaScriptTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for unquoted HTML attribute values. forHtml(String) or
+ forHtmlAttribute(String) should usually be preferred over this
+ method as quoted attributes are XHTML compliant.
+ </description>
+ <display-name>forHtmlUnquotedAttribute</display-name>
+ <name>forHtmlUnquotedAttribute</name>
+ <tag-class>org.owasp.encoder.tag.ForHtmlUnquotedAttributeTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Performs percent-encoding of a URL according to RFC 3986. The provided
+ URL is assumed to a valid URL. This method does not do any checking on
+ the quality or safety of the URL itself. In many applications it may
+ be better to use java.net.URI instead. Note: this is a
+ particularly dangerous context to put untrusted content in, as for
+ example a "javascript:" URL provided by a malicious user would be
+ "properly" escaped, and still execute.
+ </description>
+ <display-name>forUri</display-name>
+ <name>forUri</name>
+ <tag-class>org.owasp.encoder.tag.ForUriTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for CSS URL contexts. The context must be surrounded by "url()". It
+ is safe for use in both style blocks and attributes in HTML. Note: this does
+ not do any checking on the quality or safety of the URL itself. The caller
+ should insure that the URL is safe for embedding (e.g. input validation) by
+ other means.
+ </description>
+ <display-name>forCssUrl</display-name>
+ <name>forCssUrl</name>
+ <tag-class>org.owasp.encoder.tag.ForCssUrlTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>Encodes for HTML text attributes.</description>
+ <display-name>forHtmlAttribute</display-name>
+ <name>forHtmlAttribute</name>
+ <tag-class>org.owasp.encoder.tag.ForHtmlAttributeTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for (X)HTML text content and text attributes.
+ </description>
+ <display-name>forHtml</display-name>
+ <name>forHtml</name>
+ <tag-class>org.owasp.encoder.tag.ForHtmlTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for HTML text content. It does not escape
+ quotation characters and is thus unsafe for use with
+ HTML attributes. Use either forHtml or forHtmlAttribute for those
+ methods.
+ </description>
+ <display-name>forXmlContent</display-name>
+ <name>forXmlContent</name>
+ <tag-class>org.owasp.encoder.tag.ForXmlContentTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Performs percent-encoding for a component of a URI, such as a query
+ parameter name or value, path or query-string. In particular this
+ method insures that special characters in the component do not get
+ interpreted as part of another component.
+ </description>
+ <display-name>forUriComponent</display-name>
+ <name>forUriComponent</name>
+ <tag-class>org.owasp.encoder.tag.ForUriComponentTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <tag>
+ <description>
+ Encodes for CSS strings. The context must be surrounded by quotation characters.
+ It is safe for use in both style blocks and attributes in HTML.
+ </description>
+ <display-name>forCssString</display-name>
+ <name>forCssString</name>
+ <tag-class>org.owasp.encoder.tag.ForCssStringTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <description>value to be written out</description>
+ <name>value</name>
+ <required>true</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>java.lang.String</type>
+ </attribute>
+ </tag>
+ <function>
+ <description>
+ Encodes for (X)HTML text content and text attributes.
+ </description>
+ <display-name>forHtml</display-name>
+ <name>forHtml</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forHtml(java.lang.String)</function-signature>
+ <example>forHtml(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ This method encodes for HTML text content. It does not escape
+ quotation characters and is thus unsafe for use with
+ HTML attributes. Use either forHtml or forHtmlAttribute for those
+ methods.
+ </description>
+ <display-name>forHtmlContent</display-name>
+ <name>forHtmlContent</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forHtmlContent(java.lang.String)</function-signature>
+ <example>forHtmlContent(unsafeData)</example>
+ </function>
+ <function>
+ <description>Encodes for HTML text attributes.</description>
+ <name>forHtmlAttribute</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forHtmlAttribute(java.lang.String)</function-signature>
+ <example>forHtmlAttribute(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for unquoted HTML attribute values. forHtml(String) or
+ forHtmlAttribute(String) should usually be preferred over this
+ method as quoted attributes are XHTML compliant.
+ </description>
+ <display-name>forHtmlUnquotedAttribute</display-name>
+ <name>forHtmlUnquotedAttribute</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forHtmlUnquotedAttribute(java.lang.String)</function-signature>
+ <example>forHtmlUnquotedAttribute(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for CSS strings. The context must be surrounded by quotation characters.
+ It is safe for use in both style blocks and attributes in HTML.
+ </description>
+ <display-name>forCssString</display-name>
+ <name>forCssString</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forCssString(java.lang.String)</function-signature>
+ <example>forCssString(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for CSS URL contexts. The context must be surrounded by "url()". It
+ is safe for use in both style blocks and attributes in HTML. Note: this does
+ not do any checking on the quality or safety of the URL itself. The caller
+ should insure that the URL is safe for embedding (e.g. input validation) by
+ other means.
+ </description>
+ <display-name>forCssUrl</display-name>
+ <name>forCssUrl</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forCssUrl(java.lang.String)</function-signature>
+ <example>forCssUrl(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Performs percent-encoding of a URL according to RFC 3986. The provided
+ URL is assumed to a valid URL. This method does not do any checking on
+ the quality or safety of the URL itself. In many applications it may
+ be better to use java.net.URI instead. Note: this is a
+ particularly dangerous context to put untrusted content in, as for
+ example a "javascript:" URL provided by a malicious user would be
+ "properly" escaped, and still execute.
+ </description>
+ <display-name>forUri</display-name>
+ <name>forUri</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forUri(java.lang.String)</function-signature>
+ <example>forUri(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Performs percent-encoding for a component of a URI, such as a query
+ parameter name or value, path or query-string. In particular this
+ method insures that special characters in the component do not get
+ interpreted as part of another component.
+ </description>
+ <display-name>forUriComponent</display-name>
+ <name>forUriComponent</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forUriComponent(java.lang.String)</function-signature>
+ <example>forUriComponent(unsafeData)</example>
+ </function>
+ <function>
+ <description>Encodes for XML and XHTML.</description>
+ <display-name>forXml</display-name>
+ <name>forXml</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forXml(java.lang.String)</function-signature>
+ <example>forXml(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for HTML text content. It does not escape
+ quotation characters and is thus unsafe for use with
+ HTML attributes. Use either forHtml or forHtmlAttribute for those
+ methods.
+ </description>
+ <display-name>forXmlContent</display-name>
+ <name>forXmlContent</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forXmlContent(java.lang.String)</function-signature>
+ <example>forXmlContent(unsafeData)</example>
+ </function>
+ <function>
+ <description>Encodes for XML and XHTML attribute content.</description>
+ <display-name>forXmlAttribute</display-name>
+ <name>forXmlAttribute</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forXmlAttribute(java.lang.String)</function-signature>
+ <example>forXmlAttribute(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes data for an XML CDATA section. On the chance that the input
+ contains a terminating
+ &quot;]]&amp;gt;&quot;, it will be replaced by
+ &amp;quot;]]&amp;gt;]]&amp;lt;![CDATA[&amp;gt;&amp;quot;.
+ As with all XML contexts, characters that are invalid according to the
+ XML specification will be replaced by a space character. Caller must
+ provide the CDATA section boundaries.
+ </description>
+ <display-name>forCDATA</display-name>
+ <name>forCDATA</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forCDATA(java.lang.String)</function-signature>
+ <example>forCDATA(unsafeData)</example>
+ </function>
+ <function>
+ <description>
+ Encodes for a JavaScript string. It is safe for use in HTML
+ script attributes (such as onclick), script
+ blocks, JSON files, and JavaScript source. The caller MUST
+ provide the surrounding quotation characters for the string.
+ </description>
+ <display-name>forJavaScript</display-name>
+ <name>forJavaScript</name>
+ <function-class>org.owasp.encoder.Encode</function-class>
+ <function-signature>java.lang.String forJavaScript(java.lang.String)</function-signature>
+ <example>forJavaScript(unsafeData)</example>
+ </function>
+</taglib> \ No newline at end of file
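Review bot: The forXmlContent descriptions, in the `<tag>` entry and again in the `<function>` entry, appear to be copied from forHtmlContent: both say "Encodes for HTML text content" and send the reader to forHtml or forHtmlAttribute for attribute values. For an XML encoder that guidance names the wrong context, and this text is what a JSP author reads when choosing an encoder, so both places should read something like `Encodes for XML and XHTML text content. It does not escape quotation characters and is thus unsafe for use with XML attributes. Use either forXml or forXmlAttribute for those contexts.` Separately, this descriptor has no entry for forXmlComment, forJavaScriptAttribute, forJavaScriptBlock or forJavaScriptSource, which the descriptor added just before it in this diff does declare as functions. If that omission is deliberate, a short XML comment near the top of the file saying so would keep the two descriptors from drifting apart unnoticed.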