On the last line of the code below in my Spring Boot application, Fortify is reporting an XSS error.
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublishers;
import java.net.http.HttpResponse.BodyHandlers;

E body;  // request body, generically typed in the original post
HttpClient client = HttpClient.newHttpClient();
HttpRequest.Builder builder = ....  // builder setup omitted in the original post
builder.POST(BodyPublishers.ofString((String) body));
return client.send(builder.build(), BodyHandlers.ofString());  // line flagged by Fortify
Error details:
- Data enters a web application through an untrusted source. In the case of persistent (also known as stored) XSS, the untrusted source is typically a database or other back-end data store, while in the case of reflected XSS it is typically a web request.
- The data is included in dynamic content that is sent to a web user without validation.
I understand that we need to validate the user input and encode/sanitize the output to fix this issue. Is there any recommended library to sanitize the data (the body variable), or any other alternative to fix the issue? I'm thinking of using JsonSanitizer or HtmlUtils.htmlEscape.
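The two libraries named in the question do different jobs, and the difference is the whole point of Fortify's "sent to a web user without validation" message: the encoding has to match the syntax of the place where the string is finally rendered. The following is an added example, not code from the question, showing both applied to a constructed payload and a helper that picks the encoder from the Content-Type the application will put on its own response. It assumes `JsonSanitizer` is the one from the com.mikesamuel:json-sanitizer artifact (package com.google.json), `HtmlUtils` is Spring's org.springframework.web.util.HtmlUtils, and the upstream URL, the `forwardAndEncode` helper and the content-type dispatch are illustrative choices, not anything from the original post.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublishers;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import java.util.Locale;

import com.google.json.JsonSanitizer;           // com.mikesamuel:json-sanitizer (assumed to be the JsonSanitizer meant)
import org.springframework.web.util.HtmlUtils;  // spring-web

public class OutputEncodingDemo {

    // Constructed attacker-style payload: valid JSON whose string value carries HTML markup.
    static final String TAINTED = "{\"name\":\"<script>alert(1)</script>\",\"n\":1}";

    /** For a text/html response body: '<' '>' '&' '"' and '\'' become entities, so a browser shows text, not markup. */
    static String forHtmlBody(String s) {
        return HtmlUtils.htmlEscape(s);
    }

    /** For an application/json response body: output is well-formed JSON. It is not an HTML encoder. */
    static String forJsonBody(String s) {
        return JsonSanitizer.sanitize(s);
    }

    /**
     * Pick the encoder from the Content-Type this application will set on its own HTTP response.
     * Escape at the output, in the syntax of the output context: HTML-escaping a JSON API response
     * corrupts the data without making it safe in an HTML page, and vice versa.
     * Unknown context: fail closed rather than pass tainted data through unencoded (assumed policy).
     */
    static String encodeForResponse(String s, String contentType) {
        String ct = contentType == null ? "" : contentType.toLowerCase(Locale.ROOT);
        if (ct.startsWith("application/json")) {
            return forJsonBody(s);
        }
        if (ct.startsWith("text/html")) {
            return forHtmlBody(s);
        }
        throw new IllegalArgumentException("no output encoder for content type: " + contentType);
    }

    /**
     * The flow from the question, restructured (assumed design): the untrusted body is forwarded to the
     * upstream service as the raw JSON it expects, and only the value that reaches the web user, the
     * upstream's response body, is encoded for the context in which this application returns it.
     * The URL is a placeholder, not one from the question.
     */
    static String forwardAndEncode(HttpClient client, String body, String responseContentType) throws Exception {
        HttpRequest request = HttpRequest.newBuilder(URI.create("https://upstream.example/api"))
                .header("Content-Type", "application/json")
                .POST(BodyPublishers.ofString(body))
                .build();
        HttpResponse<String> upstream = client.send(request, BodyHandlers.ofString());
        return encodeForResponse(upstream.body(), responseContentType);
    }

    public static void main(String[] args) {
        // Same tainted input, two different safe forms depending on where it is going.
        System.out.println("text/html        : " + encodeForResponse(TAINTED, "text/html"));
        System.out.println("application/json : " + encodeForResponse(TAINTED, "application/json"));
    }
}
```

The check to make before choosing either library is therefore: what Content-Type does the controller return the string under? If the response is consumed by a browser as HTML, `HtmlUtils.htmlEscape` at the point of rendering is the right encoder; if it is a JSON API response, `JsonSanitizer` keeps it valid JSON, and any HTML escaping belongs to the client that eventually renders it. Sanitizing the request body that is sent upstream does not change what the web user receives.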