How to fix Reflected XSS in Java
I have a Fortify report that shows a Reflected XSS defect on the 2nd line below.
String name = request.getParameter("name");
response.getWriter().write("Name:" + name);
Recommendation: All user input displayed to web clients must be HTML encoded and validated. This is Java code and I'm not sure how to fix this.
1 answer
Simply put, you can use the OWASP Enterprise Security API (Java Edition):
String safe = ESAPI.encoder().encodeForHTML(request.getParameter("input"));
See the link:
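As an added example (not code from the question or the answer above), here is the reported servlet with the parameter encoded at the point it is written into the HTML body; it assumes the javax.servlet API and uses a small hand-written HTML encoder in place of ESAPI so it compiles without extra dependencies:

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class NameServlet extends HttpServlet {

    // Escapes the characters that are significant in HTML element content
    // (and, conservatively, in quoted attribute values). This stands in for
    // ESAPI.encoder().encodeForHTML() so the example has no dependencies.
    static String encodeForHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String name = request.getParameter("name");
        // Declare the charset explicitly so the browser cannot be steered
        // into interpreting the bytes under a different encoding.
        response.setContentType("text/html; charset=UTF-8");
        // Encode at the output sink, in the HTML body context, not at input time.
        response.getWriter().write("Name:" + encodeForHtml(name));
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for the "name" request parameter.
        String tainted = "<b>Bob</b> & \"friends\"";
        System.out.println("unsafe: Name:" + tainted);
        System.out.println("safe:   Name:" + encodeForHtml(tainted));
    }
}
```

The encoder must match the context the value lands in: the HTML-body encoding above is not sufficient inside a script block, a URL, or an unquoted attribute, where ESAPI offers encodeForJavaScript, encodeForURL and encodeForHTMLAttribute instead.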