Patched /tmp/tmpibsnat3l/src/com/ibm/security/appscan/altoromutual/servlet/SurveyServlet.java

patched.codes[bot] · patched.codes[bot] · commit 743bac707fe8 · 2024-08-02T10:01:07.000Z
diff --git a/src/com/ibm/security/appscan/altoromutual/servlet/SurveyServlet.java b/src/com/ibm/security/appscan/altoromutual/servlet/SurveyServlet.java
@@ -98,7 +98,13 @@ else if (step.equals("done")){
 			request.getSession().setAttribute("surveyStep", step);
 		}
 		response.setContentType("text/html");
-		response.getWriter().write(content);
+		import org.apache.commons.text.StringEscapeUtils;
+		
+		// Encode the input using the Html4 encoder
+		String encodedContent = StringEscapeUtils.escapeHtml4(content);
+		
+		// Write encoded response
+		response.getWriter().write(encodedContent);
 		response.getWriter().flush();
 		
 	}

Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,13 @@ else if (step.equals("done")){`
`98`	`98`	`request.getSession().setAttribute("surveyStep", step);`
`99`	`99`	`}`
`100`	`100`	`response.setContentType("text/html");`
`101`		`- response.getWriter().write(content);`
	`101`	`+ import org.apache.commons.text.StringEscapeUtils;`
	`102`	`+`
	`103`	`+ // Encode the input using the Html4 encoder`
	`104`	`+ String encodedContent = StringEscapeUtils.escapeHtml4(content);`
	`105`	`+`
	`106`	`+ // Write encoded response`
	`107`	`+ response.getWriter().write(encodedContent);`
`102`	`108`	`response.getWriter().flush();`
`103`	`109`
`104`	`110`	`}`