To fix the cross-site scripting vulnerability, we need to ensure that any user-controlled input is properly sanitized or encoded before being included in the HTTP response. In this case, we can use the HtmlUtils.htmlEscape method from the org.springframework.web.util package to escape the filename before including it in the response body. This will prevent any malicious scripts from being executed if the filename is rendered in a web page context.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/OpenFeign/feign/security/code-scanning/6
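As an added illustration, not part of this PR or of Feign's own code, a minimal Java handler showing the pattern the description refers to: the same filename concatenated into an HTML response body before and after `HtmlUtils.htmlEscape`. The class and method names (`FileEchoHandler`, `vulnerableBody`, `hardenedBody`) are hypothetical.

```java
import org.springframework.web.util.HtmlUtils;

// Added illustration, not Feign's own code: a handler that echoes an
// uploaded filename into an HTML response body. The class and method
// names here are hypothetical.
public class FileEchoHandler {

    // Before the fix: the filename is concatenated into HTML unchanged,
    // so any markup it contains is interpreted by the browser.
    public static String vulnerableBody(String filename) {
        return "<p>Uploaded: " + filename + "</p>";
    }

    // After the fix: HtmlUtils.htmlEscape replaces <, >, &, " and '
    // with character references, so the filename renders as plain text
    // even when it contains markup.
    public static String hardenedBody(String filename) {
        return "<p>Uploaded: " + HtmlUtils.htmlEscape(filename) + "</p>";
    }

    // Defensive check a reviewer can apply to any HTML fragment built from
    // user input: the escaped filename must not reintroduce tag delimiters.
    public static boolean containsRawTagDelimiters(String htmlFragment, String filename) {
        String escaped = HtmlUtils.htmlEscape(filename);
        return !htmlFragment.contains(escaped)
                || escaped.indexOf('<') >= 0
                || escaped.indexOf('>') >= 0;
    }

    public static void main(String[] args) {
        // Constructed sample input: a filename carrying HTML markup.
        String filename = "report<b>.txt";
        System.out.println(vulnerableBody(filename));
        System.out.println(hardenedBody(filename));
        System.out.println("hardened body still contains raw delimiters from input: "
                + containsRawTagDelimiters(hardenedBody(filename), filename));
    }
}
```

`htmlEscape` is the right encoder only when the filename lands in an HTML element body or a quoted attribute; a filename written into a response header such as `Content-Disposition`, or into a JavaScript block, needs a context-appropriate encoding instead.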