From 5d7cb78109980c80785b8f3340f04e99a0e1f1b8 Mon Sep 17 00:00:00 2001
From: Davide Avellone
Date: Mon, 10 Jul 2023 15:07:50 +0200
Subject: [PATCH] Fix V5_Reflected XSS
---
 src/com/notsecurebank/api/FeedbackAPI.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/com/notsecurebank/api/FeedbackAPI.java b/src/com/notsecurebank/api/FeedbackAPI.java
index c6c79a1..0df0671 100644
--- a/src/com/notsecurebank/api/FeedbackAPI.java
+++ b/src/com/notsecurebank/api/FeedbackAPI.java
@@ -13,6 +13,7 @@ import org.apache.log4j.Logger;
 import org.apache.wink.json4j.JSONException;
 import org.apache.wink.json4j.JSONObject;
+import org.apache.commons.text.StringEscapeUtils;
 import com.notsecurebank.model.Feedback;
 import com.notsecurebank.util.OperationsUtil;
@@ -46,6 +47,7 @@ public Response sendFeedback(String bodyJSON, @Context HttpServletRequest reques
 try {
 name = (String) myJson.get("name");
+ name = StringEscapeUtils.escapeHtml(name);
 email = (String) myJson.get("email");
 subject = (String) myJson.get("subject");
 comments = (String) myJson.get("message");
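Review bot: `StringEscapeUtils.escapeHtml(name)` on the added line does not match the class the new import brings in: `org.apache.commons.text.StringEscapeUtils` (like commons-lang3) exposes `escapeHtml4`/`escapeHtml3`, and the bare `escapeHtml` name belongs to the old commons-lang 2 class, so as written this likely fails to compile and should read `name = StringEscapeUtils.escapeHtml4(name);` — confirm against the commons-text version in the build. The fix also escapes only `name`, while `email`, `subject` and `comments` are read from the same untrusted JSON body on the following lines and stay raw, so if any of them is reflected the XSS remains. `escapeHtml4` does not encode `'`, so a value that lands in a single-quoted attribute or a JavaScript context is still injectable; output-encoding for the actual context at the render site is the robust fix, and escaping at parse time also writes HTML entities into whatever persists this feedback. sendFeedback's body starts and ends outside the hunk.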