<div class="width-20">
<div class="inputBlock clear">
<label>Select a month:
<form:select id="monthSelected" path="month"
items="${form.monthList}" itemLabel="label"
itemValue="value" />
</label>
</div>
</div>
I am getting this error:
taint_path_call: Form.getMonthList() returns the tainted data.All elements of the collection are considered tainted.This event occurs inside org.apache.jsp.WEB_002dINF.jsp.reports.reports_jsp._jspService(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse), for which no source code was found.
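(#1 of 1): Cross-site scripting (XSS) 5. xss_injection_site: Adding ${form.monthList} to the HTML page allows cross-site scripting, because it was not properly sanitized for the context HTML double-quoted attribute.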
monthList is a List<SelectOption>
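What "sanitized for the HTML double-quoted attribute context" means for each element of monthList, as an added example that is not part of the original post: a stand-alone Java program (Java 16+ for records) that encodes every label and value before it is written into the markup. SelectOption here is a hypothetical stand-in for the poster's class, escapeHtml and renderSelect are illustrative names, and the sample data is constructed.

```java
import java.util.List;

public class SelectOptionEscapeDemo {

    // Hypothetical stand-in for the page's SelectOption (a label/value pair).
    record SelectOption(String label, String value) {}

    // Encode the characters that are significant in HTML text and in
    // double-quoted attribute values, so data cannot close the attribute or tag.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Render the list the way a select tag would, encoding every element:
    // the analysis treats all items of a tainted collection as tainted.
    static String renderSelect(String id, List<SelectOption> options) {
        StringBuilder html = new StringBuilder();
        html.append("<select id=\"").append(escapeHtml(id)).append("\">\n");
        for (SelectOption o : options) {
            html.append("  <option value=\"").append(escapeHtml(o.value()))
                .append("\">").append(escapeHtml(o.label())).append("</option>\n");
        }
        return html.append("</select>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample data: the second entry contains a double quote
        // and markup that would alter the page if written out unencoded.
        List<SelectOption> months = List.of(
            new SelectOption("January", "1"),
            new SelectOption("<b>Feb</b>", "2\" onfocus=\"x"));
        System.out.println(renderSelect("monthSelected", months));
    }
}
```

In the output the second option's value stays inside its quotes as `2&quot; onfocus=&quot;x`, and its label is shown as literal text rather than parsed as markup.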