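Getting the following Fortify error:
The Fortify description is: The method xxx() in xxx.java sends unvalidated data to a web browser on line 168, which can result in the browser executing malicious code.
This is our code that sends the Ajax response in Java.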
    @ResponseBody
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @POST
    @RequestMapping(value = "/onConfirmSubmit")
    public ResponseEntity<String> onConfirmSubmit(@RequestBody @Valid final Form form,
            final HttpServletRequest request, final HttpServletResponse response)
            throws Exception, ServiceException {
        // Response headers declaring a JSON content type
        final HttpHeaders headers = new HttpHeaders();
        headers.set(CONTENT_TYPE, MediaType.APPLICATION_JSON);
        HttpStatus responseStatus = HttpStatus.OK;
        handler.populateData(form);
        // The body string is derived from the submitted form and the request
        String body = handler.processRequest(form, request);
        return ResponseEntity.status(responseStatus).body(body);
    }
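One way to handle this class of finding, as an added example that is not part of the original post: build the JSON body with an encoder that also escapes HTML-significant characters, so request-derived text stays inert even if a browser interprets the response as HTML. The class `HtmlSafeJson` and its methods are hypothetical, and the sketch assumes the body is a flat map of strings; the response should also actually be sent with `Content-Type: application/json` (in the handler above, `headers` is built but not passed to the `ResponseEntity`).

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example, not the poster's code. Class and method names are hypothetical.
public class HtmlSafeJson {

    // Encode s as a JSON string literal. Besides the escapes JSON requires,
    // characters an HTML parser acts on are written as JSON unicode escapes.
    static String quote(String s) {
        StringBuilder out = new StringBuilder("\"");
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '"':  out.append("\\\""); break;
                case '\\': out.append("\\\\"); break;
                case '\n': out.append("\\n"); break;
                case '\r': out.append("\\r"); break;
                case '\t': out.append("\\t"); break;
                case '<': case '>': case '&': case '\'':
                    out.append(String.format("\\u%04x", (int) c)); break;
                default:
                    if (c < 0x20 || c == 0x2028 || c == 0x2029)
                        out.append(String.format("\\u%04x", (int) c));
                    else
                        out.append(c);
            }
        }
        return out.append('"').toString();
    }

    // Serialize a flat map of strings as a JSON object using quote().
    static String toJson(Map<String, String> fields) {
        StringBuilder out = new StringBuilder("{");
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (out.length() > 1) out.append(',');
            out.append(quote(e.getKey())).append(':').append(quote(e.getValue()));
        }
        return out.append('}').toString();
    }

    public static void main(String[] args) {
        Map<String, String> reply = new LinkedHashMap<>();
        reply.put("status", "ok");
        // Constructed sample standing in for a value taken from the request.
        reply.put("name", "<script>alert(1)</script>");
        System.out.println(toJson(reply));
    }
}
```

A JSON parser on the client decodes the escaped characters back to the original text, so the data round-trips unchanged. Sending `X-Content-Type-Options: nosniff` alongside the JSON content type keeps browsers from second-guessing the declared type.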