From a0c77e4bf241ecc8c648dff101675b4993179a70 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Tue, 15 Oct 2024 13:42:09 +0000
Subject: [PATCH] mobb fix commit: c5aa234a-f848-40ed-9c31-8db091b3a7b4
---
pom.xml | 5 +++++
.../example/web/controllers/ProductController.java | 3 ++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 6b89e231..404f554e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -248,6 +248,11 @@ ${fortify.version}}
+
+ org.springframework
+ spring-web
+ [4.0.9,)
+
diff --git a/src/main/java/com/microfocus/example/web/controllers/ProductController.java b/src/main/java/com/microfocus/example/web/controllers/ProductController.java
index 8a03f0b3..c97d6453 100644
--- a/src/main/java/com/microfocus/example/web/controllers/ProductController.java
+++ b/src/main/java/com/microfocus/example/web/controllers/ProductController.java
@@ -52,6 +52,7 @@ Insecure Web App (IWA)
import java.nio.file.Paths;
import java.security.Principal;
import java.util.*;
+import org.springframework.web.util.HtmlUtils;
/**
* Controller for product pages
@@ -88,7 +89,7 @@ String GetControllerName() {
@ResponseBody
public ResponseEntity getKeywordsContent(@Param("keywords") String keywords) {
- String retContent = "Product search using: " + keywords;
+ String retContent = "Product search using: " + HtmlUtils.htmlEscape(HtmlUtils.htmlUnescape(String.valueOf(keywords)));
return ResponseEntity.ok().body(retContent);
}
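Review bot: The version range `[4.0.9,)` on the new spring-web dependency in pom.xml is open-ended, so every build resolves whichever release is newest at that moment; builds stop being reproducible and an unreviewed or incompatible major version can land on the classpath without a commit. ProductController already uses `ResponseEntity`, which ships in spring-web, so the artifact is presumably present transitively and this explicit entry may override the version the other Spring modules are aligned to. Pin one reviewed version, e.g. `<version>PINNED_VERSION_PLACEHOLDER</version>`, or drop the version element if a parent POM or BOM manages it (not visible in this hunk). If a direct declaration is kept, a comment such as `<!-- direct dependency for HtmlUtils output escaping; keep aligned with the managed Spring version -->` would explain why it is here.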
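Review bot: The `HtmlUtils.htmlUnescape` step in `getKeywordsContent` is not needed for the XSS fix and alters what is echoed: entity text in the query is decoded before it is re-encoded, so the response no longer shows what the user submitted. The outer `htmlEscape` is what neutralises markup, so `String retContent = "Product search using: " + HtmlUtils.htmlEscape(String.valueOf(keywords));` is enough unless the parameter is known to arrive pre-encoded. I would also add a comment such as `// keywords is untrusted request input; escaped for HTML body context only` and a test asserting that markup characters come back as entities. The mapping annotation and its `produces` type lie outside the hunk, so whether this response is served as HTML cannot be confirmed from here.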