phoenixnap / springmvc-raml-plugin

Spring MVC - RAML Spec Synchroniser Plugin. A Maven plugin designed to Generate Server & Client code in Spring from a RAML API descriptor and conversely, a RAML API document from the SpringMVC Server implementation.
Apache License 2.0

Decorator Customisation for Script Sanitisation #309

Open chrisjamesconnor opened 3 years ago

chrisjamesconnor commented 3 years ago

Guys - is there a way to customise the autogenerated Decorator? In Veracode we are getting the following highlighted in the autogenerated decorator.

CW Improper neutralization of script-related HTML tags

Basically we need to neutralise the tags in a manner such as

```java
StringEscapeUtils.escapeHtml(exposedField)
```

for all the arguments on the autogenerated message

So the current behaviour is

```java
return this.myDelegate.getStuff(exposedField1, exposedField2)
```

and we need this:

```java
return this.myDelegate.getStuff(StringEscapeUtils.escapeHtml(exposedField1), StringEscapeUtils.escapeHtml(exposedField2))
```

Would appreciate any advice - I would have thought this issue to be very common (especially in large corporate organisations). Ideally a flag, I suppose, to switch this on/off (toggle the behaviour above)?
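As an added illustration (not code from the plugin or from the issue author), the decorator shape described above written by hand: every String argument is HTML-escaped before the call reaches the delegate, and a lambda delegate shows what the downstream code actually receives, including the change to a legitimate value containing `&`. It assumes Apache Commons Text for `StringEscapeUtils.escapeHtml4`; the interface and class names are hypothetical.

```java
import org.apache.commons.text.StringEscapeUtils;

public class EscapingDecoratorExample {

    // Hypothetical delegate interface standing in for a generated controller interface.
    interface StuffDelegate {
        String getStuff(String exposedField1, String exposedField2);
    }

    // Hypothetical decorator with the same shape as the generated one, except that
    // each argument is HTML-escaped before being handed to the delegate.
    static final class EscapingStuffDecorator implements StuffDelegate {
        private final StuffDelegate myDelegate;

        EscapingStuffDecorator(StuffDelegate myDelegate) {
            this.myDelegate = myDelegate;
        }

        @Override
        public String getStuff(String exposedField1, String exposedField2) {
            return this.myDelegate.getStuff(
                    StringEscapeUtils.escapeHtml4(exposedField1),
                    StringEscapeUtils.escapeHtml4(exposedField2));
        }
    }

    public static void main(String[] args) {
        // The delegate simply echoes its arguments, so the output is exactly what it received.
        StuffDelegate echo = (a, b) -> a + " | " + b;
        StuffDelegate guarded = new EscapingStuffDecorator(echo);

        // Constructed inputs: a script tag, and an ordinary value that happens to contain '&'.
        String result = guarded.getStuff("<script>alert(1)</script>", "Tom & Jerry");
        System.out.println(result);
    }
}
```

Running it shows the tag arrives at the delegate as escaped entities, and that `Tom & Jerry` is rewritten as well, which is the trade-off of escaping at the argument boundary rather than at the point of HTML output.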