Fix V5_Reflected XSS

DavideAvellone · Jul 10, 2023 · 5d7cb78 · 5d7cb78
1 parent 39d17cd
commit 5d7cb78
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/com/notsecurebank/api/FeedbackAPI.java b/src/com/notsecurebank/api/FeedbackAPI.java
@@ -13,6 +13,7 @@
 import org.apache.log4j.Logger;
 import org.apache.wink.json4j.JSONException;
 import org.apache.wink.json4j.JSONObject;
+import org.apache.commons.text.StringEscapeUtils;
 
 import com.notsecurebank.model.Feedback;
 import com.notsecurebank.util.OperationsUtil;
@@ -46,6 +47,7 @@ public Response sendFeedback(String bodyJSON, @Context HttpServletRequest reques
 
         try {
             name = (String) myJson.get("name");
+            name = StringEscapeUtils.escapeHtml(name);
             email = (String) myJson.get("email");
             subject = (String) myJson.get("subject");
             comments = (String) myJson.get("message");