Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111

Issue-ID: AAF-1115
Change-Id: I05d8d7a19236ad476d2a37b51a6c4a84ba2b8546
Signed-off-by: Raviteja Cherughattu <rc835m@att.com>

2 files changed, 8 insertions, 2 deletions

diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml
index d24e8510..d4183fb9 100644
--- a/misc/xgen/pom.xml
+++ b/misc/xgen/pom.xml
@@ -78,6 +78,11 @@
             <artifactId>aaf-misc-env</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>		
+			<groupId>org.owasp.encoder</groupId>		
+			<artifactId>encoder</artifactId>		
+			<version>1.2.1</version>		
+		</dependency>        
     </dependencies>
     
     <!-- ============================================================== -->
diff --git a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java
index 9f1f2a38..0d41bd9b 100644
--- a/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java
+++ b/misc/xgen/src/main/java/org/onap/aaf/misc/xgen/Section.java
@@ -28,6 +28,7 @@ import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.Env;

 import org.onap.aaf.misc.env.Trans;

 import org.onap.aaf.misc.xgen.html.State;

+import org.owasp.encoder.Encode;

 

 public class Section<G extends XGen<G>> {

     protected int indent;

@@ -48,11 +49,11 @@ public class Section<G extends XGen<G>> {
     }

 

     public void forward(Writer w) throws IOException {

-        w.write(forward);

+    	w.write(Encode.forJava(forward));

     }

     

     public void back(Writer w) throws IOException {

-        w.write(backward);

+    	w.write(Encode.forJava(backward));

     }

     

     public String toString() {