Question

I've analyzed some code with FindBugs and it reported a warning for

servlet reflected cross site scripting vulnerability.

The code is like this and the 3rd line triggers the warning:

String tickName = request.getParameter("ticko");
PrintWriter w = response.getWriter();
w.println("Unable to perform tickonem '" + tickName +"' because no tick with that name is active!"); // this line triggers the warning

What is the real reason for it and how do I fix it?

Solution

The reason is that user-provided data is appended to the response without any escaping. This is vulnerable to injecting JavaScript which will get executed in the user's browser. To avoid such vulnerabilities you should HTML-escape all user-supplied data before sending it back. You can use existing libraries to perform the escaping for you, for example StringEscapeUtils.

OTHER TIPS

Writing unsanitised user data makes the application vulnerable to a cross-site scripting attack. You can use the OWASP Java Encoder library and modify your code like this:

import java.io.PrintWriter;
import org.owasp.encoder.Encode;

String tickName = request.getParameter("ticko");
response.setContentType("text/html;charset=UTF-8"); // declare the context the encoder is written for
PrintWriter w = response.getWriter();
// Encode.forHtml() escapes & < > " and ' so the value is rendered as text, not parsed as markup.
// (Encode.forJava() targets Java string literals and would not protect an HTML response.)
w.println("Unable to perform tickonem '" + Encode.forHtml(tickName) + "' because no tick with that name is active!"); // this line no longer reflects raw input
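
The following is an added example, not code from the question or either answer: a self-contained Java class that puts the original unescaped concatenation next to its escaped form and feeds both a constructed attacker payload. To run with only the JDK it uses a small hand-written escaper for the five HTML-significant characters; in production code use a maintained library such as OWASP Java Encoder's Encode.forHtml or commons-text's StringEscapeUtils.escapeHtml4, as the answers recommend. The function names (vulnerableMessage, hardenedMessage, escapeHtml) and the payload are assumptions made for the example.

```java
// Added example (not from the original page): why the unescaped println is a
// reflected XSS sink and what HTML escaping changes about the output.
public class TickMessage {

    // Minimal HTML escaper for the characters that let input break out of an
    // HTML text node or quoted attribute value. Stand-in for Encode.forHtml()
    // so this file compiles without external dependencies.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // What the question's code produces: the request parameter is concatenated
    // straight into the HTML response, so the browser parses it as markup.
    static String vulnerableMessage(String tickName) {
        return "Unable to perform tickonem '" + tickName
                + "' because no tick with that name is active!";
    }

    // The fix: escape the untrusted value for the context it lands in (HTML
    // body text). An attribute or JavaScript context would need a different
    // encoder, e.g. Encode.forHtmlAttribute or Encode.forJavaScript.
    static String hardenedMessage(String tickName) {
        return "Unable to perform tickonem '" + escapeHtml(tickName)
                + "' because no tick with that name is active!";
    }

    public static void main(String[] args) {
        // Constructed attacker input, i.e. a hypothetical ?ticko=... value.
        String payload = "<script>alert(document.cookie)</script>";

        String unsafe = vulnerableMessage(payload);
        String safe = hardenedMessage(payload);

        System.out.println("vulnerable: " + unsafe);
        System.out.println("hardened:   " + safe);

        // A browser would execute the script in the first response; in the
        // second the tag survives only as inert text (&lt;script&gt;...).
        System.out.println("vulnerable contains <script>? " + unsafe.contains("<script>"));
        System.out.println("hardened   contains <script>? " + safe.contains("<script>"));
    }
}
```

Compile and run with `javac TickMessage.java && java TickMessage`. The two printed lines make the FindBugs finding concrete: the only difference between the vulnerable and hardened output is whether the browser sees `<` or `&lt;`, and that decision has to be made at the point where the untrusted value is written into the response, for the specific output context it is written into.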

Licensed under: CC-BY-SA with attribution