Bug 356091

Summary: JAX-RPC sample generator still vulnerable to cross site scripting (XSS)
Product: [WebTools] WTP Webservices
Reporter: Keith Chong <keith.chong.ca>
Component: jst.ws
Assignee: Keith Chong <keith.chong.ca>
Status: RESOLVED FIXED
QA Contact: Keith Chong <keith.chong.ca>
Severity: normal
Priority: P3
CC: ivanc
Version: unspecified
Target Milestone: 3.3.2
Hardware: PC
OS: All
Whiteboard:
Bug Depends on: 355865
Bug Blocks: 356089

Attachments:
Apply to org.eclipse.jst.ws.consumption (Flags: none)

Description Keith Chong CLA 2011-08-29 10:59:30 EDT
+++ This bug was initially created as a clone of Bug #355865 +++

Build Identifier: 3.2.4

We are returning the exceptions' Java traces, which include the parameters passed through the sample. If the parameter includes any JavaScript, it will be run in the client when we return the exception.

Reproducible: Always

For 3.3.1.
Comment 1 Keith Chong CLA 2012-01-26 13:56:43 EST
Created attachment 210144 [details]
Apply to org.eclipse.jst.ws.consumption
Comment 2 Keith Chong CLA 2012-01-26 13:57:20 EST
Need to fix this in the 3.3 maintenance stream. The fix was already checked into 3.4 and 3.2.5.
Comment 3 Keith Chong CLA 2012-01-26 18:57:06 EST
Fix released for 3.3.2.