Skip to content

Commit

Permalink
Fix code scanning alert no. 20: Cross-site scripting (#13)
Browse files Browse the repository at this point in the history 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
  • Loading branch information
@Maneppagolmanju @github-advanced-security
Maneppagolmanju and github-advanced-security[bot] authored Nov 26, 2024
1 parent 00310cf commit f3bf713
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
5 changes: 5 additions & 0 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,11 @@
</properties>

<dependencies>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>1.12.0</version>
</dependency>
<dependency>
<groupId>com.onelogin</groupId>
<artifactId>java-saml</artifactId>
Expand Down
4 changes: 3 additions & 1 deletion src/main/java/servlets/module/challenge/XssChallengeSix.java
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package servlets.module.challenge;

import dbProcs.Getter;
import org.apache.commons.text.StringEscapeUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Locale;
Expand Down Expand Up @@ -80,7 +81,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
String searchTerm = request.getParameter("searchTerm");
log.debug("User Submitted - " + searchTerm);
searchTerm = XssFilter.anotherBadUrlValidate(searchTerm);
userPost = "<a href=\"" + searchTerm + "\">Your HTTP Link!</a>";
String encodedSearchTerm = StringEscapeUtils.escapeHtml4(searchTerm);
userPost = "<a href=\"" + encodedSearchTerm + "\">Your HTTP Link!</a>";
log.debug("After Sanitising - " + searchTerm);

boolean xssDetected = FindXSS.search(userPost);
Expand Down

0 comments on commit f3bf713

Please sign in to comment.