0
<%
String ans = "";
ans = SpecialCharacter.getEscapeString((String)request.getAttribute("ans"));
%>

<%-- Note: ${ans} is an EL expression. EL does not see the scriptlet's local variable "ans";
     it resolves the scoped attribute "ans" (page, then request, session, application),
     i.e. the raw request attribute set before the custom escaping above. --%>
<input type="text" class="txt long" name="ans" id="ans" maxlength="48" value="${ans}"/>

I have code like the above, and I am already using template literals to substitute the value, but the Veracode scan still shows me that it is XSS vulnerable. How do I fix it in such a case?

logger

1 Answer

0

Use the OWASP Java Encoder:

<%@ page import="org.owasp.encoder.Encode" %>
<input type="text" class="txt long" name="ans" id="ans" maxlength="48" value="<%= Encode.forHtmlAttribute(ans) %>" />

SPoint
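As an added example (not the question's or the answer's code), here is a corrected version of the page's JSP. It assumes the OWASP Java Encoder jar (package org.owasp.encoder) is on the classpath and that a servlet stored the raw value in the request attribute "ans". The key point is that EL's ${ans} resolves the scoped attribute, not the scriptlet's local variable, so the encoded value must either be written with a scriptlet expression or stored back into page scope.

```jsp
<%-- Added example: encode the value for the HTML attribute context with OWASP Java Encoder.
     Assumes org.owasp.encoder is on the classpath and that a servlet set request attribute "ans". --%>
<%@ page import="org.owasp.encoder.Encode" %>
<%
    // Raw value from the servlet; may be null on the first render of the form.
    String rawAns = (String) request.getAttribute("ans");
    if (rawAns == null) {
        rawAns = "";
    }

    // Encode once for the context the value lands in: a double-quoted HTML attribute.
    // forHtmlAttribute escapes the quote characters, '&' and '<', so the value cannot
    // terminate the attribute or the tag. Always keep the attribute quoted; a different
    // context (element content, a <script> block, a URL) needs its matching encoder.
    String ans = Encode.forHtmlAttribute(rawAns);

    // EL resolves ${ans} from page, request, session, then application scope, and never
    // from a scriptlet local. Storing the encoded copy in page scope makes ${ans} return
    // it instead of the raw request attribute of the same name (page scope is checked first).
    pageContext.setAttribute("ans", ans);
%>

<%-- Form 1 (as in the answer): emit the encoded value with a scriptlet expression. --%>
<input type="text" class="txt long" name="ans" id="ans" maxlength="48"
       value="<%= ans %>"/>

<%-- Form 2: keep the EL template; ${ans} now yields the encoded page-scope copy.
     Use one of the two forms, not both, since the id/name would otherwise be duplicated. --%>
<input type="text" class="txt long" name="ans" id="ans" maxlength="48"
       value="${ans}"/>
```

Whichever form is used, the value should be encoded exactly once, so the custom SpecialCharacter.getEscapeString call from the question is not applied on top of Encode.forHtmlAttribute.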