Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 353269

Summary: JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS
Product: [WebTools] WTP Webservices Reporter: Keith Chong <keith.chong.ca>
Component: jst.wsAssignee: Ivan Castro <ivanc>
Status: RESOLVED FIXED QA Contact: Keith Chong <keith.chong.ca>
Severity: normal    
Priority: P3    
Version: 3.2.4   
Target Milestone: 3.2.5   
Hardware: PC   
OS: Windows XP   
Whiteboard:
Bug Depends on:    
Bug Blocks: 353272, 353273    
Attachments:
Description Flags
Fix patch keith.chong.ca: iplog+

Description Keith Chong CLA 2011-07-27 22:35:28 EDT 
It is possible to enter Javascript in the input pane and have it executed when the form is submitted.   The JAX-RPC generator should be updated to prevent this.
Comment 1 Ivan Castro CLA 2011-07-28 09:57:49 EDT 
Created attachment 200528 [details]
Fix patch
Comment 2 Keith Chong CLA 2011-08-04 13:25:49 EDT 
This was released for last week's 3.2.5 declared driver.