
Create ESAPI user guide for ESAPI Encoder #563

Open
@kwwall

Description


We either need a separate ESAPI Encoder User Guide or a suitable wiki page (either on the GitHub repo or the OWASP wiki) or a GitHub 'Gist' to document how to use the ESAPI Encoder in various scenarios. The documentation should be aimed at beginners and should start with an introduction to XSS rather than assuming that developers understand it. While it can refer to other OWASP documentation (such as the Cheat Sheet series) for detailed references, we should try to avoid a lot of "link hopping".

It should focus on encoders used for XSS defense, but at the end, touch on the other encoders and when they are appropriate to use as well.

Since the Java Encoder project shares similar interfaces with ESAPI for output encoding, we should explore a collaborative effort together with that project and maybe the Cheat Sheet series projects as well.

NOTE: The motivation for this comes from Chamila Wijayarathna and Nalin A. G. Arachchilage, from their authorship of and subsequent extensive discussion of their paper "Fighting Against XSS Attacks: A Usability Evaluation of OWASP ESAPI Output Encoding". One thing noted in that paper is how participants in that study struggled to understand the big picture and how to apply the appropriate encoder, and they thought a user guide for the ESAPI Encoder would be useful.
