Jsoup XSS attack with URL encoded input
I have a Spring web application that exposes REST APIs.
I have implemented an XSS filter using Jsoup that strips the input using Safelist.NONE.
The penetration testing team raised a concern where the input field content is URL encoded, th…