Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 353273

Summary: JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS
Product: [WebTools] WTP Webservices Reporter: Keith Chong <keith.chong.ca>
Component: jst.wsAssignee: Ivan Castro <ivanc>
Status: CLOSED FIXED QA Contact: Keith Chong <keith.chong.ca>
Severity: normal    
Priority: P3    
Version: 3.3   
Target Milestone: 3.4 M2   
Hardware: PC   
OS: Windows XP   
Whiteboard:
Bug Depends on: 353269    
Bug Blocks: 353272    

Description Keith Chong CLA 2011-07-27 23:11:08 EDT 
+++ This bug was initially created as a clone of Bug #353269 +++

It is possible to enter Javascript in the input pane and have it executed when the form is submitted.   The JAX-RPC generator should be updated to prevent this.

Check in to HEAD (4.0)
Comment 1 Keith Chong CLA 2011-08-22 23:23:15 EDT 
Correction: For 3.4 (HEAD)
Comment 2 Keith Chong CLA 2011-08-22 23:35:10 EDT 
Released to HEAD (3.4)
Comment 3 Keith Chong CLA 2011-09-23 12:01:01 EDT 
Set proper milestone
Comment 4 Keith Chong CLA 2011-09-23 12:01:13 EDT 
Closing bug