SuRa
Reputation: 513
how to fix XSS Reflected in java
I got fortify report which shows XSS Reflected defect from the below 2nd line.
String name = request.getParameter("name");
response.getWriter().write("Name: " + name);
Recommendation given: All user input displayed to web clients should HTML encoded and validated. This is java code and I am not sure about how to fix this.
Upvotes: 7
Views: 22814
Answers (1)
Nadhir Loghmari
Reputation: 101
A simple way, you can just use the OWASP Enterprise Security API (Java Edition) :
String safe = ESAPI.encoder().encodeForHTML( request.getParameter( "input" ) );
See those link:
OWASP Enterprise Security API (Java Edition) Documentation
OWASP Enterprise Security API (Java Edition) Code Example
Upvotes: 10
Related Questions
- I am not sure how to perform html escaping in my java project to prevent XSS
- How to sanitize HTML code in Java to prevent XSS attacks?
- XSS prevention, minimal implementation
- XSS vulnerability in java
- How to fix XSS vulnerabilites
- Xss sanitization in java
- XSS Vulnerabilities Issue in a Servlet Class for response.getOutputStream().write(buffer)
- Java 5 HTML escaping To Prevent XSS
- jQuery XSS Issue