Fix code scanning alert no. 13: Cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
OpenFeign · Oct 21, 2024 · 27fc500 · 27fc500
1 parent 368d2d0
commit 27fc500
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/feign-form-spring/pom.xml b/feign-form-spring/pom.xml
@@ -35,6 +35,11 @@
   </properties>
 
   <dependencies>
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-text</artifactId>
+      <version>1.12.0</version>
+    </dependency>
     <dependency>
       <groupId>org.projectlombok</groupId>
       <artifactId>lombok</artifactId>

diff --git a/feign-form-spring/src/test/java/feign/form/feign/spring/Server.java b/feign-form-spring/src/test/java/feign/form/feign/spring/Server.java
@@ -22,6 +22,7 @@
 import static org.springframework.http.MediaType.MULTIPART_FORM_DATA_VALUE;
 
 import java.io.IOException;
+import org.apache.commons.text.StringEscapeUtils;
 import java.util.Map;
 import lombok.val;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -99,7 +100,7 @@ public ResponseEntity<String> upload6(
     String result = "";
     if (popa1 != null && popa2 != null) {
       status = OK;
-      result = new String(popa1.getBytes()) + new String(popa2.getBytes());
+      result = StringEscapeUtils.escapeHtml4(new String(popa1.getBytes())) + StringEscapeUtils.escapeHtml4(new String(popa2.getBytes()));
     }
     return ResponseEntity.status(status).body(result);
   }