This repository has been archived by the owner on Feb 5, 2022. It is now read-only.

html injection #26

Closed
wenzhoou opened this issue Apr 24, 2014 · 0 comments

Comments

@wenzhoou

In `/spring-mvc-showcase/src/main/webapp/WEB-INF/views/form.jsp`
you forgot to write a `c:out` tag in `<div id="message" class="success">${message}</div>`,
so if you input a name like `Test<script>alert('abc')</script>` and click the submit button, you will see what I mean.

rstoyanchev added a commit that referenced this issue Jan 23, 2018
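
The line quoted in the issue next to two escaped alternatives, as an added example that is not part of the original issue or the project's own code. It assumes `message` is a model attribute that can contain user-supplied text and that JSTL is on the classpath; the taglib declarations and the `title` attribute are illustrative.

```jsp
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

<%-- Before (as quoted in the issue): the EL expression is written into
     the page verbatim, so markup inside the value is parsed by the browser. --%>
<div id="message" class="success">${message}</div>

<%-- After, option 1: c:out escapes <, >, &, ' and " by default
     (escapeXml defaults to true), so the value renders as text. --%>
<div id="message" class="success"><c:out value="${message}"/></div>

<%-- After, option 2: fn:escapeXml applies the same escaping inside an EL
     expression, which is convenient when the value also goes into an
     attribute (the title attribute here is an assumption for illustration). --%>
<div id="message" class="success" title="${fn:escapeXml(message)}">
  ${fn:escapeXml(message)}
</div>
```

Only one of the three `div` elements belongs in the real view; they are shown together here for comparison.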