[doc] Missing escaping leads to XSS #1468
The documentation is, however, generated, so we have to fix the generator.
The generator produces out of jsp security.xml this markdown representation:
Scroll down to the rule "NoUnsanitizedJSPExpression" - the description contains the HTML tag, while in XML, we were using escapes.
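The failure mode described in this issue, as an added example that is not the project's generator code: an XML parser decodes `&lt;` back to `<`, so a generator that writes the parsed description straight into markdown emits a live tag, because markdown renderers pass inline HTML through. The ruleset text, the description wording and the function names are constructed for illustration; only the rule name comes from the issue.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample: a rule whose description mentions HTML tags using XML
# escapes, as the issue describes. This is not the project's real file.
RULESET_XML = """<ruleset name="Security">
  <rule name="NoUnsanitizedJSPExpression">
    <description>Flags ${expr} written outside &lt;c:out&gt;, e.g. inside &lt;script&gt;x = ${expr}&lt;/script&gt;.</description>
  </rule>
</ruleset>"""


def load_rules(xml_text):
    """Return (name, description) pairs; the XML parser decodes &lt; to <."""
    root = ET.fromstring(xml_text)
    return [(r.get("name"), r.findtext("description", "").strip())
            for r in root.iter("rule")]


def render_unescaped(rules):
    """The failure mode: parsed text is written to markdown as-is."""
    return "\n\n".join(f"## {name}\n\n{desc}" for name, desc in rules)


def render_escaped(rules):
    """Re-encode for the output context (HTML via markdown) before writing."""
    return "\n\n".join(
        f"## {html.escape(name)}\n\n{html.escape(desc, quote=False)}"
        for name, desc in rules)


if __name__ == "__main__":
    rules = load_rules(RULESET_XML)
    print(render_unescaped(rules))   # contains a raw <script> element
    print("-----")
    print(render_escaped(rules))     # tags appear as &lt;script&gt; text
```

The escaping in the source XML only protects the XML layer; the generator has to encode again for the format it writes.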