How to fix XSS Reflected in Java
A simple way: you can just use the OWASP Enterprise Security API (Java Edition):
String safe = ESAPI.encoder().encodeForHTML( request.getParameter( "input" ) );
See these links:
OWASP Enterprise Security API (Java Edition) Documentation
OWASP Enterprise Security API (Java Edition) Code Example
Author: SuRa
Updated on June 09, 2022
Comments
-
SuRa almost 2 years
I got a Fortify report which shows an XSS Reflected defect from the 2nd line below.
String name = request.getParameter("name");
response.getWriter().write("Name: " + name);
Recommendation given: All user input displayed to web clients should be HTML encoded and validated. This is Java code and I am not sure how to fix this.
-
john ktejik almost 2 years
dead link......