Before
Code snippet in JSP file:
    <%
    String content = report.getContent();
    out.print(content);
    %>
After
Add dependency in pom.xml
    <dependency>
        <groupId>org.owasp.encoder</groupId>
        <artifactId>encoder</artifactId>
        <version>1.2.1</version>
    </dependency>
Updated code snippet in JSP file:
    <%@ page import="org.owasp.encoder.Encode"%>
    <%
    // HTML-encode the report content before it is written into the page
    String content = report.getContent(acct_no,schema+"://"+server+":"+port);
    out.print(Encode.forHtml(content));
    %>
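The fix above covers output written into the HTML body. The following added example (not code from the original post) goes beyond that case and shows which OWASP Java Encoder method matches each other place a value can land in the page. The class name, helper methods and sample value are constructed for illustration, and the encoder dependency from the pom.xml snippet above is assumed to be on the classpath.

```java
import org.owasp.encoder.Encode;

public class ReportEncodingDemo {

    // Constructed sample value standing in for report.getContent():
    // it contains the characters that are significant in HTML, attributes, JS and URLs.
    static final String CONTENT = "<b>Q3</b> \"totals\" & 'notes' 50% /done";

    // HTML element body: <div>HERE</div> (the context fixed in the post)
    static String inHtmlBody(String value) {
        return "<div>" + Encode.forHtml(value) + "</div>";
    }

    // Quoted HTML attribute value: <input value="HERE">
    static String inHtmlAttribute(String value) {
        return "<input type=\"text\" value=\"" + Encode.forHtmlAttribute(value) + "\">";
    }

    // JavaScript string literal inside a <script> block.
    // Encode.forHtml is the wrong encoder here: it does not escape backslashes or
    // line terminators, which are what matter inside a JavaScript string.
    static String inScriptBlock(String value) {
        return "<script>var report = '" + Encode.forJavaScript(value) + "';</script>";
    }

    // URL query parameter value: percent-encoded, so it cannot add parameters
    // or close the surrounding href attribute.
    static String inUrlParameter(String value) {
        return "<a href=\"/report?title=" + Encode.forUriComponent(value) + "\">open</a>";
    }

    public static void main(String[] args) {
        // Print the same untrusted value rendered for each output context.
        System.out.println(inHtmlBody(CONTENT));
        System.out.println(inHtmlAttribute(CONTENT));
        System.out.println(inScriptBlock(CONTENT));
        System.out.println(inUrlParameter(CONTENT));
    }
}
```

In a JSP, the same calls go where `Encode.forHtml(content)` is used above; pick the method by where the value is written, not by where it came from.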
Reference
[1] https://github.com/OWASP/owasp-java-encoder/wiki/2)-Use-the-OWASP-Java-Encoder