Bug 356089 - JAX-RPC sample generator still vulnerable to cross site scripting (XSS)
Status: RESOLVED FIXED
Alias: None
Product: WTP Webservices
Classification: WebTools
Component: jst.ws
Version: unspecified
Hardware: PC All
Importance: P3 normal
Target Milestone: 3.4 M2
Assignee: Ivan Castro CLA
QA Contact: Keith Chong CLA
URL:
Whiteboard:
Keywords:
Depends on: 355865 356091
Blocks:
Reported: 2011-08-29 10:50 EDT by Keith Chong CLA
Modified: 2011-09-23 11:55 EDT
Description Keith Chong CLA 2011-08-29 10:50:47 EDT
+++ This bug was initially created as a clone of Bug #355865 +++

Build Identifier: 3.2.4

We are returning the exception's Java traces, which include the parameters passed through the sample. If the parameter includes any JavaScript, it will be run in the client when we return the exception.

Reproducible: Always

For HEAD stream. (3.4)
Comment 1 Keith Chong CLA 2011-09-01 00:57:30 EDT
Released to 3.4 (HEAD)