
Bug 355865

Summary: JAX-RPC sample generator still vulnerable to cross site scripting (XSS)
Product: [WebTools] WTP Webservices
Reporter: Ivan Castro <ivanc>
Component: jst.ws
Assignee: Ivan Castro <ivanc>
Status: RESOLVED FIXED
QA Contact: Keith Chong <keith.chong.ca>
Severity: normal    
Priority: P3    
Version: unspecified   
Target Milestone: 3.2.5   
Hardware: PC   
OS: All   
Whiteboard:
Bug Depends on:    
Bug Blocks: 356089, 356091    
Attachments:
Description Flags
Fix patch keith.chong.ca: iplog+

Description Ivan Castro 2011-08-25 11:42:57 EDT
Build Identifier: 3.2.4

We are returning the exceptions' Java traces, which include the parameters passed through the sample. If the parameter includes any JavaScript, it will be run in the client when we return the exception.

Reproducible: Always
Comment 1 Ivan Castro 2011-08-25 12:23:24 EDT
Created attachment 202164
Fix patch
Comment 2 Keith Chong 2011-08-29 12:33:44 EDT
Released for 3.2.5.