Fix XSS on documentation web page

Ironically, the corresponding documentation page (https://pmd.github.io/latest/pmd_rules_jsp_security.html#nounsanitizedjspexpression) is subject to XSS!
Maxime Robert
2018-11-15 12:46:54 +01:00
committed by GitHub
parent 79c1dbe552
commit e42564c019

@ -46,7 +46,7 @@ through SSL. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q261188
**Priority:** Medium (3)
Avoid using expressions without escaping / sanitizing. This could lead to cross site scripting - as the expression
would be interpreted by the browser directly (e.g. "<script>alert('hello');</script>").
would be interpreted by the browser directly (e.g. "&lt;script&gt;alert('hello');&lt;/script&gt;").
**This rule is defined by the following Java class:** [net.sourceforge.pmd.lang.jsp.rule.security.NoUnsanitizedJSPExpressionRule](https://github.com/pmd/pmd/blob/master/pmd-jsp/src/main/java/net/sourceforge/pmd/lang/jsp/rule/security/NoUnsanitizedJSPExpressionRule.java)
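
Review bot: The replacement description line hand-escapes only this one example (`&lt;script&gt;alert('hello');&lt;/script&gt;`), so the rendered page is fixed here, but nothing stops raw markup in another rule description from reaching the browser the same way. If this markdown file is generated from the rule definition, the escaping belongs in the source description or in the generator, otherwise the edit is lost on the next regeneration. It would also be worth checking the other rule descriptions for unescaped `<` and `>` in their examples as part of this change.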