
Commit 9c1d5a7

author
Sauyon Lee
committed
Java: Add test for XSS sanitizer
1 parent 9a5c0f6 commit 9c1d5a7

1 file changed

+7
-1
lines changed

1 file changed

+7
-1
lines changed

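--- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/SpringXSS.java
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/SpringXSS.java
@@ -5,6 +5,7 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.util.HtmlUtils;
 
 import java.util.Optional;
 
@@ -157,4 +158,9 @@ public static String stringWithNoMediaType(String userControlled) {
 return userControlled; // $xss
 }
 
-}
+@GetMapping(value = "/abc")
+public static String sanitizedString(String userControlled) {
+return HtmlUtils.htmlEscape(userControlled);
+}
+
+}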
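Review bot: The new `sanitizedString` method is a negative test (no `$xss` marker on its return line), but unlike the neighbouring positive cases nothing says so, so a later reader cannot tell whether the missing annotation is intentional or an omission; a short comment on the return line such as `return HtmlUtils.htmlEscape(userControlled); // no $xss: htmlEscape is modelled as a sanitizer` would pin the expectation. Only the single-argument `htmlEscape(String)` overload is exercised here; if the sanitizer model is meant to cover `htmlEscape(String, String)`, `htmlEscapeDecimal` and `htmlEscapeHex` as well, each deserves its own negative endpoint in this file, otherwise a regression in those overloads would go unnoticed. Note that HTML entity escaping is only a sanitizer for HTML text and attribute-value contexts; if the query treats this call as removing taint for all XSS sinks, that is a deliberate modelling choice worth stating in the query's documentation rather than leaving implicit in the test. The enclosing controller class begins outside this hunk.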
