Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Avoid using custom XSS filtering. Please use standard sanitization functions.

Examples

Insecure Code

class CustomRequestWrapper extends HttpServletRequestWrapper { ... }

Secure Code

use standard sanitization functions like OWASP ESAPI

Remediation

Use standard sanitization functions to prevent cross-site scripting attacks.

Rule Details

Field	Value
ID	CODE-0084
Category	Web
Severity	MEDIUM
CWE	CWE-79
Confidence	HIGH
Impact	MEDIUM
Likelihood	MEDIUM
Exploitability	EASY
Tags	xss, sanitization
OWASP	N/A

---