New rule: NoUnsanitizedJSPExpressionRule #9

merged 4 commits into from Sep 29, 2014



marob commented Sep 24, 2014

This rule detects unsanitized JSP Expressions that can lead to Cross Site Scripting (XSS) attacks


Andreas Dangel » pmd #173 SUCCESS
This pull request looks good


Andreas Dangel » pmd #174 SUCCESS
This pull request looks good

@adangel adangel merged commit 59706b9 into adangel:master Sep 29, 2014
adangel commented Sep 29, 2014


lysu commented Apr 1, 2015

Hi @adangel ~

We want to use PMD to define some patterns to find some issues in our XML (e.g. Spring XML configuration), but we ran into some problems when an XML node has a namespace.

   <uc:service interface="x.y.FooService" />

Using XPath to define the rule


but it doesn't work...

And I found some help in , and tried to add Ns to the XPath...

but it still doesn't work. It seems that the AST node does not contain any namespace info, but Jaxen needs it.

How can we fix it?

(Sorry... I wanted to add an issue in this repository but couldn't find any comment on this pull request) ^ ^

adangel commented Apr 1, 2015

This issue seems to be related to the discussion here:

This seems to be an open issue - I created one, because I didn't find an existing one:

A workaround seems to be to use node():

//node()[@interface = 'x.y.FooService']
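
How the workaround above would sit in a PMD ruleset, as an added example that is not from this pull request or the PMD project. It assumes a PMD 5.x ruleset file and the built-in `net.sourceforge.pmd.lang.rule.XPathRule` class; the ruleset name, rule name, message and priority are hypothetical. Because `node()` carries no name test, the expression matches any node with that `interface` value, not only `uc:service`.

```xml
<?xml version="1.0"?>
<!-- Hypothetical ruleset name; the schema references are the PMD 5.x ones (assumed version). -->
<ruleset name="Custom XML rules"
    xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd">

  <description>Project-specific checks on XML configuration files.</description>

  <!-- language="xml" makes PMD apply the rule to XML sources. -->
  <rule name="FooServiceReference"
        language="xml"
        message="Reference to x.y.FooService found in XML configuration"
        class="net.sourceforge.pmd.lang.rule.XPathRule">
    <description>
      Flags any node whose 'interface' attribute is x.y.FooService.
      The element name (uc:service) is deliberately not tested, because the
      prefixed name cannot be resolved in the rule's XPath.
    </description>
    <priority>3</priority>
    <properties>
      <property name="xpath">
        <value><![CDATA[
//node()[@interface = 'x.y.FooService']
        ]]></value>
      </property>
    </properties>
  </rule>

</ruleset>
```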