To fix the cross-site scripting vulnerability, we need to sanitize the user input before including it in the response. The best way to do this is to use a library that provides HTML escaping functionality to ensure that any potentially malicious characters in the filename are properly encoded.
We will:
- Import the StringEscapeUtils class from the Apache Commons Text library.
- Use the escapeHtml4 method to sanitize the filename before appending it to the response.
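As an added illustration of the change (example code, not taken from the feign project or this PR), the unescaped concatenation is shown beside the escaped version; the handler, method names and sample filename are hypothetical.

```java
import org.apache.commons.text.StringEscapeUtils;

public class FilenameResponseExample {

    // Vulnerable form: the caller-controlled filename is concatenated
    // straight into the HTML body, so any markup in the name is rendered.
    static String renderUnsafe(String filename) {
        return "<p>Uploaded file: " + filename + "</p>";
    }

    // Fixed form: escapeHtml4 turns <, >, & and " into HTML entities, so
    // the browser shows the name as text instead of interpreting it.
    // Note: escapeHtml4 does not escape the single quote, so it is only
    // sufficient for element text content and double-quoted attributes.
    static String renderEscaped(String filename) {
        return "<p>Uploaded file: "
                + StringEscapeUtils.escapeHtml4(filename)
                + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample input: a filename that carries markup.
        String filename = "report<script>alert(1)</script>.pdf";

        System.out.println("unsafe : " + renderUnsafe(filename));
        System.out.println("escaped: " + renderEscaped(filename));
    }
}
```

Requires commons-text on the classpath (artifact org.apache.commons:commons-text); the escaped output carries the filename as inert text.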
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/OpenFeign/feign/security/code-scanning/8