mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
19 lines
623 B
Java
19 lines
623 B
Java
// XSS — negative fixture.
|
|
// Safe: HTML-encodes special characters before output.
|
|
// Entry: Entry.renderPage(String) Cap: HTML_ESCAPE
|
|
// Expected verdict: NotConfirmed
|
|
|
|
public class Entry {
|
|
private static String escapeHtml(String s) {
|
|
return s.replace("&", "&")
|
|
.replace("<", "<")
|
|
.replace(">", ">")
|
|
.replace("\"", """)
|
|
.replace("'", "'");
|
|
}
|
|
|
|
public static void renderPage(String userInput) {
|
|
String safe = escapeHtml(userInput);
|
|
System.out.print("<html><body>" + safe + "</body></html>\n");
|
|
}
|
|
}
|