353269 – JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 353269 - JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS

Summary: JAX-RPC Sample JSP generator should produce Web samples that are not vulnerab...

Status:	RESOLVED FIXED

Alias:	None

Product:	WTP Webservices
Classification:	WebTools
Component:	jst.ws (show other bugs)
Version:	3.2.4
Hardware:	PC Windows XP

Importance:	P3 normal (vote)
Target Milestone:	3.2.5
Assignee:	Ivan Castro
QA Contact:	Keith Chong

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	353272 353273
	Show dependency tree

Reported:	2011-07-27 22:35 EDT by Keith Chong
Modified:	2011-08-22 23:01 EDT (History)
CC List:	0 users

See Also:

Attachments
Fix patch (4.76 KB, text/plain) 2011-07-28 09:57 EDT, Ivan Castro	keith.chong.ca: iplog+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Keith Chong

2011-07-27 22:35:28 EDT

It is possible to enter Javascript in the input pane and have it executed when the form is submitted.   The JAX-RPC generator should be updated to prevent this.

Comment 1 Ivan Castro

2011-07-28 09:57:49 EDT

Created attachment 200528 [details]
Fix patch

Comment 2 Keith Chong

2011-08-04 13:25:49 EDT

This was released for last week's 3.2.5 declared driver.