sanitized getRowData XSS

ArctiqTeam · Aug 8, 2024 · c52567d · c52567d
1 parent 9d55f60
commit c52567d
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 13 deletions.
diff --git a/pom.xml b/pom.xml
@@ -71,5 +71,12 @@
 			<artifactId>javax.servlet-api</artifactId>
 			<version>3.1.0</version>
 		</dependency>
+
+		<dependency>
+        	<groupId>org.apache.commons</groupId>
+        	<artifactId>commons-text</artifactId>
+        	<version>1.9</version>
+    	</dependency>
+
 	</dependencies>
 </project>
diff --git a/src/main/java/com/bittercode/util/HTMLUtils.java b/src/main/java/com/bittercode/util/HTMLUtils.java
@@ -0,0 +1,10 @@
+package com.bittercode.util;
+
+import org.apache.commons.text.StringEscapeUtils;
+
+public class HTMLUtils {
+
+    public static String escapeHtml(String input) {
+        return StringEscapeUtils.escapeHtml4(input);
+    }
+}
diff --git a/src/main/java/servlets/StoreBookServlet.java b/src/main/java/servlets/StoreBookServlet.java
@@ -16,6 +16,22 @@
 import com.bittercode.service.impl.BookServiceImpl;
 import com.bittercode.util.StoreUtil;
 
+import com.bittercode.model.Book;
+import com.bittercode.service.BookService;
+import com.bittercode.service.impl.BookServiceImpl;
+import com.bittercode.util.HTMLUtils;
+import com.bittercode.util.StoreUtil;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+
 public class StoreBookServlet extends HttpServlet {
 
     // book service for database operations and logics
@@ -34,10 +50,6 @@ public void service(HttpServletRequest req, HttpServletResponse res) throws IOEx
         }
         try {
 
-            // Add/Remove Item from the cart if requested
-            // store the comma separated bookIds of cart in the session
-            // StoreUtil.updateCartItems(req);
-
             RequestDispatcher rd = req.getRequestDispatcher("SellerHome.html");
             rd.include(req, res);
             pw.println("<div class='container'>");
@@ -78,18 +90,15 @@ public void service(HttpServletRequest req, HttpServletResponse res) throws IOEx
 
     public String getRowData(Book book) {
         return "    <tr>\r\n"
-                + "      <th scope=\"row\">" + book.getBarcode() + "</th>\r\n"
-                + "      <td>" + book.getName() + "</td>\r\n"
-                + "      <td>" + book.getAuthor() + "</td>\r\n"
+                + "      <th scope=\"row\">" + HTMLUtils.escapeHtml(book.getBarcode()) + "</th>\r\n"
+                + "      <td>" + HTMLUtils.escapeHtml(book.getName()) + "</td>\r\n"
+                + "      <td>" + HTMLUtils.escapeHtml(book.getAuthor()) + "</td>\r\n"
                 + "      <td><span>&#8377;</span> " + book.getPrice() + "</td>\r\n"
-                + "      <td>"
-                + book.getQuantity()
-                + "      </td>\r\n"
+                + "      <td>" + book.getQuantity() + "</td>\r\n"
                 + "      <td><form method='post' action='updatebook'>"
-                + "          <input type='hidden' name='bookId' value='" + book.getBarcode() + "'/>"
+                + "          <input type='hidden' name='bookId' value='" + HTMLUtils.escapeHtml(book.getBarcode()) + "'/>"
                 + "          <button type='submit' class=\"btn btn-success\">Update</button>"
                 + "          </form>"
                 + "    </tr>\r\n";
     }
-
-}
+}