search
ProductsBook A DemoContact Us

Unsanitized user input in HTTP response (XSS)

hashtag
Overview

  • Rule ID: java_lang_http_response_splitting

  • Applicable Languages: Java

  • Weakness ID: CWE-79

hashtag
Description

Including unsanitized user input in a HTTP response could allow an attacker inject Carriage Return Line Feed (CRLF) characters into the response. An entirely attacker-controlled response can then be returned, creating a cross-site scripting (XSS) vulnerability.

hashtag
Remediation Guidelines

  • Avoid incorporating user input into cookies or other HTTP headers without appropriate sanitization to prevent attackers from exploiting the input to manipulate the response.

    // Avoid this approach
System.out.println(e); // Unsafe

  • To mitigate the risk of response splitting and XSS attacks, ensure to remove CRLF sequences from user input. You can use the following code snippet as a reference for sanitizing input in Java:

    var input = request.getParameter("data");
var sanitized = input.replaceAll("\r\n", "");
cookie.setValue(sanitized);

hashtag
References

hashtag
Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOLarrow-up-right

PreviousUnsanitized user input in HTTP request (SSRF)NextUnsanitized user input in LDAP request

Last updated