Bug 353269 - JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS
Status: RESOLVED FIXED
Alias: None
Product: WTP Webservices
Classification: WebTools
Component: jst.ws
Version: 3.2.4
Hardware: PC Windows XP
Importance: P3 normal
Target Milestone: 3.2.5
Assignee: Ivan Castro CLA
QA Contact: Keith Chong CLA
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 353272 353273
Reported: 2011-07-27 22:35 EDT by Keith Chong CLA
Modified: 2011-08-22 23:01 EDT

Attachments
Fix patch (4.76 KB, text/plain)
2011-07-28 09:57 EDT, Ivan Castro CLA
keith.chong.ca: iplog+
Description Keith Chong CLA 2011-07-27 22:35:28 EDT
It is possible to enter JavaScript in the input pane and have it executed when the form is submitted. The JAX-RPC generator should be updated to prevent this.
Comment 1 Ivan Castro CLA 2011-07-28 09:57:49 EDT
Created attachment 200528
Fix patch
Comment 2 Keith Chong CLA 2011-08-04 13:25:49 EDT
This was released for last week's 3.2.5 declared driver.