Add XSS with different complexity levels #3

Open
misonijnik wants to merge 1 commit into demo/base from demo/xss-complexity

@misonijnik
Member

No description provided.

This reverts commit e083d9e36b074185b22f13bd2267ceda269a203c.
public String displayUserProfile(
@RequestParam(defaultValue = "Welcome") String message) {
// Direct output without escaping
return "<html><body><h1>Profile Message: " + message + "</h1></body></html>";
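
Review bot: On the `return` line, `message` comes straight from `@RequestParam` and is concatenated into the `<h1>` with no HTML encoding, and the only comment ("Direct output without escaping") does not say whether that is deliberate. If this endpoint is meant as a scanner fixture, say so in the comment and in the PR description, which is empty; otherwise encode at the sink, for example with `HtmlUtils.htmlEscape(message)` from Spring's `org.springframework.web.util`, assuming Spring Web is in use as the `@RequestParam` annotation suggests.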

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
// Assign to local variable
String htmlContent = "<html><body><h1>User Status: " +
message + "</h1></body></html>";
return htmlContent;
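
Review bot: The comment `// Assign to local variable` describes the mechanics but not the purpose: `htmlContent` still carries `message` unencoded into the `<h1>`, so the local adds nothing unless the point is to exercise taint tracking through an assignment. State that in the comment, or HTML-encode `message` before the concatenation and return the result directly.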

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
public String generateDashboard(
@RequestParam(defaultValue = "Welcome") String greeting) {
String htmlContent = buildDashboardContent(greeting);
return htmlContent;
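
Review bot: `buildDashboardContent(greeting)` receives the raw `@RequestParam` value, and its body is not among the lines shown here, so a reader cannot tell from this handler whether the helper encodes its argument. Document the helper's contract (encodes or passes through) at its declaration, and if it passes through, encode `greeting` before the call or inside the helper so the handler's return value is safe by construction.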

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
@RequestParam(defaultValue = "New Message") String content) {
Profile.MessageTemplate template = new Profile.MessageTemplate(content);
// Return nested content
return template.body.content.text;
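
Review bot: The `content` request parameter is wrapped in `Profile.MessageTemplate` and read back through `template.body.content.text` with no encoding step visible between the two, and `// Return nested content` does not explain that the three-level field chain is the thing under test. Spell that out in the comment, and consider an encoding step on `text` at the `return` if this handler is not meant to stay a fixture.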

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
Profile.UserProfile profile = new Profile.UserProfile(content);

// Return nested content
return profile.settings.config.template.body.content.text;
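
Review bot: Nothing in these lines says why the chain `profile.settings.config.template.body.content.text` is several fields deeper than the `template.body.content.text` case before it. Add a comment naming the nesting depth as the variable being tested and the finding the scanner is expected to report, so that a missed detection at this depth is recognisable as a regression rather than a clean result.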

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
// Construct a page using a chain of builders
String page = new HtmlPageBuilder().message(message).buildPage();

return page;
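
Review bot: The encoding decision is hidden inside `HtmlPageBuilder`: neither `message(...)` nor `buildPage()` is shown, and the call site gives no hint whether either one escapes its input. Put the HTML encoding in `buildPage()` so every caller is covered, or document on the builder that it is a deliberate pass-through; the `page` local can also be dropped in favour of returning the chain directly.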

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
String page = new HtmlPageBuilder().message(message)
.format(new DefaultFormatter()).buildPage();

return page;
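
Review bot: `.format(new DefaultFormatter())` reads like a sanitising step, yet the scanner still reports the returned `page` as carrying user input, so the name invites a false sense of safety. Document on `DefaultFormatter` that it does not HTML-encode, or add a formatter that does and use it here if the page is not meant to stay vulnerable.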

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.