Commit 4708052

Merge pull request #10408 from giper45/patch-1
Updated vulnerable XSS.java version
2 parents af25cf8 + ac46a38 commit 4708052

2 files changed

+4
-3
lines changed

Lines changed: 3 additions & 2 deletions
@@ -1,8 +1,9 @@
11
public class XSS extends HttpServlet {
22
protected void doGet(HttpServletRequest request, HttpServletResponse response)
33
throws ServletException, IOException {
4-
// BAD: a request parameter is written directly to an error response page
5-
response.sendError(HttpServletResponse.SC_NOT_FOUND,
4+
// BAD: a request parameter is written directly to the Servlet response stream
5+
response.getWriter().print(
66
"The page \"" + request.getParameter("page") + "\" was not found.");
7+
78
}
89
}
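Review bot: Replacing `response.sendError(HttpServletResponse.SC_NOT_FOUND,` with `response.getWriter().print(` on new line 5 drops the 404 status, although the message still says the page "was not found". If the sample is meant to keep modelling a not-found response, a `response.setStatus(HttpServletResponse.SC_NOT_FOUND);` call before the write would preserve that. Two smaller points: the updated comment on new line 4 says "Servlet response stream" while the code uses `getWriter()`, so "response writer" would match the call; and the added new line 7 is an empty line before the closing brace of `doGet` that can be dropped.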

java/ql/src/Security/CWE/CWE-079/XSS.qhelp

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ reference.</p>
1818
</recommendation>
1919
<example>
2020

21-
<p>The following example shows the page parameter being written directly to the server error page,
21+
<p>The following example shows the <code>page</code> parameter being written directly to the page,
2222
leaving the website vulnerable to cross-site scripting.</p>
2323

2424
<sample src="XSS.java" />
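Review bot: On the changed line 21, "the <code>page</code> parameter being written directly to the page" uses "page" for both the request parameter and the output, which reads ambiguously. Wording such as "written directly to the servlet response" would be clearer and would line up with the updated comment in XSS.java ("written directly to the Servlet response stream").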
