6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Is is possible to make an XSS in this situation ？\",\"text\":\"

I have a jsp file with the following code snippet:

\\n\\n

<form action=<%= request.getContextPath() %>/query_flight? ...\\n

\\n\\n

When using codesecue to do static code check, I got an XSS attack warning: \\n $\\\"enter$

\\n\\n

But I am confused because context.getContextPath is a Java EE standard API. Is it possible to do an XSS attack??

\\n\\n

Any suggestion?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"爱国者\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","java",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/java/1","children":"java"}]}],["$","span","jsp",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/jsp/1","children":"jsp"}]}],["$","span","jakarta-ee",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/jakarta-ee/1","children":"jakarta-ee"}]}],["$","span","xss",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/xss/1","children":"xss"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/6PQIa.jpg?s=256","alt":"爱国者","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/351545/%e7%88%b1%e5%9b%bd%e8%80%85","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"爱国者"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",4348]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Is is possible to make an XSS in this situation ？"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I have a jsp file with the following code snippet:

\n\n

<form action=<%= request.getContextPath() %>/query_flight? ...\n

\n\n

When using codesecue to do static code check, I got an XSS attack warning: \n $\"enter$

\n\n

But I am confused because context.getContextPath is a Java EE standard API. Is it possible to do an XSS attack??

\n\n

Any suggestion?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",690]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","11627146",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/2f0d9dec16bae1e06552af55ddefc11f?s=256&d=identicon&r=PG","alt":"JB Nizet","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/571407/jb-nizet","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"JB Nizet"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",691973]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

The tool is wrong. That said, I would use the <c:url> JSTL tag to generate the URL. It would take care of the context path, and of URL rewriting if necessary to track sessions.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","2658922",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2658922","className":"text-blue-600 hover:underline","children":"XSS prevention in JSP/Servlet web application"}]}],["$","li","65990702",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/65990702","className":"text-blue-600 hover:underline","children":"How to solve this XSS security issue in JSP page"}]}],["$","li","46177954",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/46177954","className":"text-blue-600 hover:underline","children":"How to avoid XSS with this bit of scriplet?"}]}],["$","li","3587199",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3587199","className":"text-blue-600 hover:underline","children":"How to sanitize HTML code to prevent XSS attacks in Java or JSP?"}]}],["$","li","36574382",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/36574382","className":"text-blue-600 hover:underline","children":"XSS prevention, minimal implementation"}]}],["$","li","14554351",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14554351","className":"text-blue-600 hover:underline","children":"XSS vulnerability in java"}]}],["$","li","23379835",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/23379835","className":"text-blue-600 hover:underline","children":"Overriding default <%=%> in JSP to prevent XSS Hack"}]}],["$","li","5103884",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/5103884","className":"text-blue-600 hover:underline","children":"XSS attacks in jsp"}]}],["$","li","2333586",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2333586","className":"text-blue-600 hover:underline","children":"Java 5 HTML escaping To Prevent XSS"}]}],["$","li","4108629",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4108629","className":"text-blue-600 hover:underline","children":"protect jsp pages againt xss"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Is is possible to make an XSS in this situation ？

Answers (1)

Related Questions