Add NewUserProfileController #1

Open
seqradev wants to merge 1 commit into main from seqradev/xss

seqradev commented Feb 7, 2026

No description provided.

public String displayUserProfile(
@RequestParam(defaultValue = "Welcome") String message) {
// Direct output without escaping
return "<html><body><h1>Profile Message: " + message + "</h1></body></html>";
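
Review bot: `message` arrives via `@RequestParam` and is concatenated into the `<h1>` on the `return` line with no HTML encoding, so any markup in the parameter is emitted as markup in the response. Encode it for HTML element context at the point of concatenation, for example with Spring's `HtmlUtils.htmlEscape(message)`, or render the page through a template engine that escapes by default. The comment `// Direct output without escaping` reads as if this is intentional; if the handler is a scanner test fixture, say so in the PR description, which is currently empty.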

Check failure

Code scanning / Seqra

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

// Assign to local variable
String htmlContent = "<html><body><h1>User Status: " +
message + "</h1></body></html>";
return htmlContent;
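
Review bot: `message` is still concatenated unencoded into the `<h1>` in the `htmlContent` assignment; storing the string in a local before `return htmlContent;` changes nothing about what reaches the response. The method signature is not visible in this hunk, but if `message` is request-derived, encode it where it is concatenated rather than relying on callers. The comment `// Assign to local variable` describes the mechanics, not why the local exists; either drop the local or explain its purpose.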

Check failure

Code scanning / Seqra

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

public String generateDashboard(
@RequestParam(defaultValue = "Welcome") String greeting) {
String htmlContent = buildDashboardContent(greeting);
return htmlContent;
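
Review bot: `greeting` from `@RequestParam` is passed to `buildDashboardContent(greeting)` and the result is returned as the response, but the helper's body is not part of this hunk, so whether it encodes the value cannot be checked from here. Do the HTML encoding inside the helper at the point where the value is placed into markup, and state in its Javadoc that it expects untrusted input and returns encoded output. The intermediate `htmlContent` local adds nothing and can be replaced by returning the call directly.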

Check failure

Code scanning / Seqra

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

@RequestParam(defaultValue = "New Message") String content) {
Profile.MessageTemplate template = new Profile.MessageTemplate(content);
// Return nested content
return template.body.content.text;
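
Review bot: `content` from `@RequestParam` goes into `new Profile.MessageTemplate(content)` and `template.body.content.text` is returned as the response body with no encoding step visible in between. If the constructor stores the value unchanged, the response is the raw parameter. Encode at the `return`, or, if this endpoint is not meant to serve HTML, declare a plain-text content type on the mapping so the browser does not interpret the body as markup.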

Check failure

Code scanning / Seqra

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Profile.UserProfile profile = new Profile.UserProfile(content);

// Return nested content
return profile.settings.config.template.body.content.text;
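
Review bot: the `return` reaches through six levels of public fields (`profile.settings.config.template.body.content.text`) to hand back what `new Profile.UserProfile(content)` was given, and nothing visible between construction and return encodes it. Expose a single accessor on `UserProfile` that returns the HTML-encoded text, so the encoding lives in one place and the controller does not depend on the internal object layout. The comment `// Return nested content` should say where `content` originates, since the signature is cut off in this hunk.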

Check failure

Code scanning / Seqra

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

// Construct a page using a chain of builders
String page = new HtmlPageBuilder().message(message).buildPage();

return page;
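
Review bot: the chain `new HtmlPageBuilder().message(message).buildPage()` sets no formatter, so unless `buildPage()` encodes on its own (its body is not shown here), `message` lands in the page unencoded. Make `HtmlPageBuilder` encode by default so that a call chain which omits `.format(...)` is the safe one, and require an explicit opt-out for trusted markup.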

Check failure

Code scanning / Seqra

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

String page = new HtmlPageBuilder().message(message)
.format(new DefaultFormatter()).buildPage();

return page;
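
Review bot: `.format(new DefaultFormatter())` gives no indication of whether the output is safe for HTML, and the formatter's implementation is not in this hunk. If `DefaultFormatter` passes the message through unchanged, this call is equivalent to the builder chain with no formatter at all. Document on `DefaultFormatter` whether it encodes, and prefer a name that makes the behaviour obvious at the call site.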

Check failure

Code scanning / Seqra

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

String page = new HtmlPageBuilder().message(message)
.format(new EscapeFormatter()).buildPage();

return page;
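
Review bot: this chain applies `.format(new EscapeFormatter())` and is still flagged, so the finding needs an explicit decision rather than being left failing. The implementation of `EscapeFormatter` is not shown here; add a unit test asserting that it encodes `&`, `<`, `>`, `"` and `'` in the built page. If the test passes, dismiss the alert as a false positive with that justification recorded; if it does not, the formatter is the thing to fix.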

Check failure

Code scanning / Seqra

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.