
2018/02/14

[Fortify] Fix Cross-Site Scripting: Persistent

Problem


Before
Code snippet in JSP file:
    String content = report.getContent();
    out.print(content);


After

Add the OWASP Java Encoder dependency in pom.xml:
    <dependency>
        <groupId>org.owasp.encoder</groupId>
        <artifactId>encoder</artifactId>
        <version>1.2.1</version>
    </dependency>

Updated code snippet in JSP file:
    <%@ page import="org.owasp.encoder.Encode"%>


    String content = report.getContent(acct_no,schema+"://"+server+":"+port);
    out.print(Encode.forHtml(content));    

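The same fix, shown as an added example that is not from the original post: plain Java rather than a JSP, so it compiles and runs against encoder-1.2.1.jar without a servlet container, and it goes one step beyond the snippet above by applying the encoder for each output context the stored content might land in (element body, attribute, JavaScript string, URL parameter). The Report class and its sample content are constructed here for illustration.

```java
import org.owasp.encoder.Encode;

public class ReportRenderer {

    // Stand-in for the post's report object; the content is constructed
    // test data shaped like something a user could have saved to the database.
    static final class Report {
        private final String content;
        Report(String content) { this.content = content; }
        String getContent() { return content; }
    }

    // Vulnerable form, equivalent to the "Before" snippet: stored content
    // is written straight into the HTML response, so any markup it contains
    // is interpreted by the browser of every user who views the report.
    static String renderUnsafe(Report report) {
        return "<div class=\"report\">" + report.getContent() + "</div>";
    }

    // Fixed form: encode for the exact context the value is inserted into.
    // Encode.forHtml alone only covers element content; a value dropped into
    // an attribute, a script literal or a URL needs the matching encoder.
    static String renderSafe(Report report) {
        String c = report.getContent();
        return "<div class=\"report\" title=\"" + Encode.forHtmlAttribute(c) + "\">"
             + Encode.forHtml(c)
             + "</div>\n"
             + "<script>var reportTitle = '" + Encode.forJavaScript(c) + "';</script>\n"
             + "<a href=\"/search?q=" + Encode.forUriComponent(c) + "\">search</a>";
    }

    public static void main(String[] args) {
        // Constructed sample: mixes legitimate text with characters that are
        // significant in HTML, attributes, JavaScript strings and URLs.
        Report report = new Report("<b>Q1</b> \"totals\" & <script>alert(1)</script>");
        System.out.println("--- unsafe: markup from the database is live ---");
        System.out.println(renderUnsafe(report));
        System.out.println("--- safe: the same markup is rendered as text ---");
        System.out.println(renderSafe(report));
    }
}
```

Compile and run with `javac -cp encoder-1.2.1.jar ReportRenderer.java && java -cp encoder-1.2.1.jar:. ReportRenderer`; the encoded output is the one Fortify should no longer flag, since the tainted value reaches the response only through an encoder call.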

Reference
[1] https://github.com/OWASP/owasp-java-encoder/wiki/2)-Use-the-OWASP-Java-Encoder
