Bug 356091 - JAX-RPC sample generator still vulnerable to cross site scripting (XSS)
Summary: JAX-RPC sample generator still vulnerable to cross site scripting (XSS)
Status: RESOLVED FIXED
Alias: None
Product: WTP Webservices
Classification: WebTools
Component: jst.ws
Version: unspecified
Hardware: PC All
Importance: P3 normal
Target Milestone: 3.3.2
Assignee: Keith Chong CLA
QA Contact: Keith Chong CLA
Depends on: 355865
Blocks: 356089
Reported: 2011-08-29 10:59 EDT by Keith Chong CLA
Modified: 2012-01-26 18:57 EST (History)


Attachments
Apply to org.eclipse.jst.ws.consumption (2.48 KB, patch)
2012-01-26 13:56 EST, Keith Chong CLA

Description Keith Chong CLA 2011-08-29 10:59:30 EDT
+++ This bug was initially created as a clone of Bug #355865 +++

Build Identifier: 3.2.4

We are returning the exception's Java traces, which include the parameters passed through the sample. If a parameter includes any JavaScript, it will be run in the client when we return the exception.

Reproducible: Always

For 3.3.1.
Comment 1 Keith Chong CLA 2012-01-26 13:56:43 EST
Created attachment 210144
Apply to org.eclipse.jst.ws.consumption
Comment 2 Keith Chong CLA 2012-01-26 13:57:20 EST
Need to fix this in the 3.3 maintenance stream. The fix was already checked into 3.4 and 3.2.5.
Comment 3 Keith Chong CLA 2012-01-26 18:57:06 EST
Fix released for 3.3.2.