Test case 2160

Type: source code
State: good
Author: Charline Cleraux
Status: accepted
Language: Java
Submission Date: 02 Feb 2010

Description

This servlet implements a fixed Cross-Site Scripting vulnerability (XSS) with a loop complexity: the data provided by the client in the field "data" is encoded so there is no more XSS.

Flaws

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Test Suites

Java Test Suite for Source Code Analyzer - false positive

Have any comments on this test case? Please, send us an email.