xml.append("<alertDesc>");
xml.append(desc);
xml.append("</alertDesc>");
response.getWriter().write(xml.toString());
response.setContentType("text/xml");
response.setHeader("Cache-Control", "no-cache");
xml is a StringBuffer object.
I have this piece of code and there is some leakage of sensitive data from the syntax response.getWriter().write(xml.toString()); I don't have any idea about this thing.
Can anyone tell me something about this? This issue has been reported by a code audit tool.
Use the validator and escaping techniques from ESAPI to wrap the desc field. It will help!
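What the escaping advice in the answer above changes for the desc field, as an added example that is not code from the original post: it builds the question's fragment with and without escaping and parses both the way a client would. The class name, the escapeXml helper (a stand-in for ESAPI's ESAPI.encoder().encodeForXML(desc), used so the example runs without the library) and the sample values are assumptions constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class AlertDescEscaping {

    // Hypothetical helper standing in for ESAPI.encoder().encodeForXML(desc).
    // '&' is replaced first so the entities added afterwards are not re-escaped.
    static String escapeXml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&apos;");
    }

    // Builds the same fragment as the question, with or without escaping desc.
    static String build(String desc, boolean escape) {
        StringBuffer xml = new StringBuffer();
        xml.append("<alertDesc>");
        xml.append(escape ? escapeXml(desc) : desc);
        xml.append("</alertDesc>");
        return xml.toString();
    }

    // Parses the output the way a client would and reports what it sees.
    static String describe(String xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // The check itself should not accept DOCTYPE declarations.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
            return d.getElementsByTagName("*").getLength() + " element(s), text=["
                    + d.getDocumentElement().getTextContent() + "]";
        } catch (Exception e) {
            return "not well-formed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: one carries markup, one a bare ampersand.
        String[] samples = { "usage > 90% on <volume>C:</volume>", "R&D share is full" };
        for (String desc : samples) {
            System.out.println("raw:     " + describe(build(desc, false)));
            System.out.println("escaped: " + describe(build(desc, true)));
        }
    }
}
```

In the servlet itself, call response.setContentType("text/xml") and response.setHeader(...) before response.getWriter().write(...), so the headers are applied even if the body is large enough to commit the response.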