XSS Vulnerability fix in DashboardSearchResultController
@SafeHtml annotation is used to fix this problem.
New class 'SecureString' must be added to project to validate incoming Strings
from '@RequestParam String incoming String'
pom.xml file update.
This patch also fixes:
* remove unnecessary semicolon
* Sonar issue: Replace the type specification in this constructor call with
the diamond operator ("<>")
Issue-ID: PORTAL-601
Change-Id: Id214b6e65f0c486141679fd23725a7fb66443acd
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml
index b8787f7..aca5e2a 100644
--- a/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@ -600,6 +600,24 @@
<artifactId>jackson-jaxrs-json-provider</artifactId>
<version>2.8.10</version>
</dependency>
+ <!-- https://mvnrepository.com/artifact/org.glassfish.web/javax.el -->
+ <dependency>
+ <groupId>org.glassfish.web</groupId>
+ <artifactId>javax.el</artifactId>
+ <version>2.2.6</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/javax.el/el-api -->
+ <dependency>
+ <groupId>javax.el</groupId>
+ <artifactId>el-api</artifactId>
+ <version>2.2.1-b04</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/org.jsoup/jsoup -->
+ <dependency>
+ <groupId>org.jsoup</groupId>
+ <artifactId>jsoup</artifactId>
+ <version>1.12.1</version>
+ </dependency>
<dependency>
<groupId>org.glassfish.jersey.connectors</groupId>
<artifactId>jersey-jetty-connector</artifactId>
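Review bot: the three added dependencies are documented only by mvnrepository URL comments, so the pom does not record why they are needed; a one-line comment tying jsoup and the two EL artifacts to the `@SafeHtml` validation named in the commit message would keep them from being dropped as unused in a later cleanup. The EL pair also needs a second look: `javax.el:el-api` is pinned to the build-qualified version `2.2.1-b04` while the `org.glassfish.web:javax.el` implementation is at `2.2.6`, and neither entry declares a `<scope>`, so both default to compile scope and are packaged with the module. If the target servlet container already supplies the EL API, `<scope>provided</scope>` on `el-api` avoids shipping a second copy on the classpath.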