getXmlHolder crashing groovy script
Hi, I'm running a TestCase where I am injecting values into a SOAP request and then firing them at my service to test for certain vulnerabilities. The script currently breaks while trying to retrieve the response. I know why it's breaking, but I'm uncertain as to how to fix the issue.

When I send the request, I'm getting a fault returned (as is expected); however, it contains a piece of JavaScript code for error handling, which is what is tripping up the Groovy script, it seems.

The line that is causing the error:

    def response = groovyUtils.getXmlHolder( "SOAP Request#Response" )

The response that is crashing that line:

    <?xml version='1.0' encoding='UTF-8'?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:xsd="http://www.w3.org/1999/XMLSchema">
      <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
          <faultcode>SOAP-ENV:Client</faultcode>
          <faultstring>Invalid key: <IMG%20src='x-javascript:alert(document.cookie)'></faultstring>
          <faultactor>/search/beta2</faultactor>
        </SOAP-ENV:Fault>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

Error message:

    org.apache.xmlbeans.XmlException: error: Unexpected character encountered (lex state 8): '%'
    error: Unexpected character encountered (lex state 8): '%'

So my question at this point is this: How do I escape those characters or otherwise sanitize them if I can't get it to even load the XmlHolder?
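One way to handle the failure described in the post, as an added example that is not part of the original post or of SoapUI: check the raw response text for well-formedness first, record the reflected unescaped input as a test finding, and escape only the faultstring content before loading it. The helper names are hypothetical, and obtaining the raw text with `context.expand` and handing the repaired string to `getXmlHolder` are assumptions about the SoapUI script environment.

```groovy
import javax.xml.parsers.DocumentBuilderFactory
import org.xml.sax.InputSource
import org.xml.sax.SAXException
import org.xml.sax.helpers.DefaultHandler

// True when the text parses as well-formed XML (DOCTYPE refused: input is untrusted).
boolean isWellFormed(String xml) {
    def factory = DocumentBuilderFactory.newInstance()
    factory.setFeature('http://apache.org/xml/features/disallow-doctype-decl', true)
    def builder = factory.newDocumentBuilder()
    builder.setErrorHandler(new DefaultHandler()) // keep parser errors off stderr
    try {
        builder.parse(new InputSource(new StringReader(xml)))
        return true
    } catch (SAXException ignored) {
        return false
    }
}

// Pull the faultstring text out with a regex, since no XML parser will load it.
String rawFaultString(String xml) {
    def m = xml =~ /(?s)<faultstring>(.*?)<\/faultstring>/
    return m.find() ? m.group(1) : null
}

// Escape the faultstring content as character data; every '&' is escaped as well.
String repairFault(String xml) {
    def raw = rawFaultString(xml)
    if (raw == null) return xml
    def safe = raw.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')
    return xml.replace('<faultstring>' + raw + '</faultstring>',
                       '<faultstring>' + safe + '</faultstring>')
}

// Constructed sample: the fault from the post. Inside SoapUI the raw text would
// come from context.expand('${SOAP Request#Response}') rather than a literal.
def response = '''<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode>
  <faultstring>Invalid key: <IMG%20src='x-javascript:alert(document.cookie)'></faultstring>
  <faultactor>/search/beta2</faultactor>
 </SOAP-ENV:Fault></SOAP-ENV:Body>
</SOAP-ENV:Envelope>'''

if (!isWellFormed(response)) {
    println "Not well-formed; faultstring reflects unescaped input: ${rawFaultString(response)}"
    response = repairFault(response)
}
assert isWellFormed(response) // now safe to hand to groovyUtils.getXmlHolder(response)
```

A response that fails the well-formedness check is itself the result worth logging for the test case: the service copied the injected value into the fault without encoding it.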