1 <p>This code directly writes an HTTP parameter to a Server error page (using HttpServletResponse.sendError). Echoing this untrusted input allows
2 for a reflected cross site scripting
3 vulnerability. See <a href="http://en.wikipedia.org/wiki/Cross-site_scripting">http://en.wikipedia.org/wiki/Cross-site_scripting</a>
4 for more information.</p>
5 <p>FindBugs looks only for the most blatant, obvious cases of cross site scripting.
6 If FindBugs found <em>any</em>, you <em>almost certainly</em> have more cross site scripting
7 vulnerabilities that FindBugs doesn't report. If you are concerned about cross site scripting, you should seriously
8 consider using a commercial static analysis or pen-testing tool.
projects / sonarqube.git / blob