Skip to content

Commit 049b738

Browse files
Potential fix for code scanning alert no. 560: Cross-site scripting (#4490)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 29052ac commit 049b738

1 file changed

Lines changed: 2 additions & 1 deletion

File tree

Ginger/GingerCoreNET/External/WireMock/WireMockAPI.cs

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ limitations under the License.
2020
using Amdocs.Ginger.Common;
2121
using Amdocs.Ginger.Common.External.Configurations;
2222
using System;
23+
using System.Net;
2324
using System.Net.Http;
2425
using System.Text;
2526
using System.Text.Json;
@@ -167,7 +168,7 @@ public async Task<string> CreateStubAsync(string stubMapping, string contentType
167168
body = doc.RootElement.GetRawText();
168169
}
169170

170-
var content = new StringContent(body, Encoding.UTF8, contentType);
171+
var content = new StringContent(WebUtility.HtmlEncode(body), Encoding.UTF8, contentType);
171172
HttpResponseMessage response = await client.PostAsync($"{NormalizeUrl(GingerCore.ValueExpression.PasswordCalculation(_baseUrl))}{MappingEndpoint}", content);
172173
response.EnsureSuccessStatusCode();
173174
return await response.Content.ReadAsStringAsync();

0 commit comments

Comments
 (0)