Unsanitized user input in HTTP response (XSS)

Description

Including unsanitized user input in a HTTP response allows an attacker to split the response by injecting CRLF characters. An entirely attacker-controlled response can then be returned, creating a cross-site scripting (XSS) vulnerability.

Remediations

✅ Avoid using user input in cookies or other headers

✅ Remove CRLF sequences from user input:

var input = request.getParameter("data");
var sanitized = input.replaceAll("\r\n", "");
cookie.setValue(sanitized);

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_http_response_splitting

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_http_response_splitting