StringAttribute.encode doesn't encode correctly
Brought to you by:
farrukh_najmi,
sethp
Menu
▾
▴
#30 StringAttribute.encode doesn't encode correctly
<?xml version="1.0" encoding="UTF-8"?>
<Request xmlns="urn:oasis:names:tc:xacm:2.0:context:schema:os">
<Subject>
<Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue><script>alert("foo");</script></AttributeValue>
</Attribute>
</Subject>
<Resource/>
<Action/>
<Environment/>
</Request>
public void testEncode() {
try {
RequestCtx req = RequestCtx.getInstance(new FileInputStream(
"data/encode_test.req"));
ByteArrayOutputStream baos = new ByteArrayOutputStream();
req.encode(baos);
System.out.println(baos);
assertTrue(baos.toString().indexOf("<script>") == -1);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (ParsingException e) {
throw new RuntimeException(e);
}
}