From f8d6ce27b4246148d4dbcef491d56cffcf5bf678 Mon Sep 17 00:00:00 2001
From: "Cristobal Buenrostro Lopez (ZEN3 INFOSOLUTIONS AMERICA INC) (from Dev Box)"
Date: Wed, 16 Oct 2024 16:09:38 -0700
Subject: [PATCH] Cross-site scripting bug - Java sample
---
 js/samples/quickstart-java/pom.xml | 6 +++---
 .../Microsoft/ImmersiveReader/GetAuthTokenServlet.java | 8 +++-----
 .../quickstart-java/src/main/webapp/resources/helpers.js | 7 ++++++-
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/js/samples/quickstart-java/pom.xml b/js/samples/quickstart-java/pom.xml
index 3e57220..2f6af72 100644
--- a/js/samples/quickstart-java/pom.xml
+++ b/js/samples/quickstart-java/pom.xml
@@ -32,9 +32,9 @@
- com.google.code.gson
- gson
- 2.8.9
+ org.owasp.encoder
+ encoder
+ 1.2.3
diff --git a/js/samples/quickstart-java/src/main/java/Microsoft/ImmersiveReader/GetAuthTokenServlet.java b/js/samples/quickstart-java/src/main/java/Microsoft/ImmersiveReader/GetAuthTokenServlet.java
index 365180a..14446c1 100644
--- a/js/samples/quickstart-java/src/main/java/Microsoft/ImmersiveReader/GetAuthTokenServlet.java
+++ b/js/samples/quickstart-java/src/main/java/Microsoft/ImmersiveReader/GetAuthTokenServlet.java
@@ -5,8 +5,7 @@ import javax.servlet.http.*;
 import java.io.*;
 import java.net.HttpURLConnection;
 import java.net.URL;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
+import org.owasp.encoder.Encode;
 public class GetAuthTokenServlet extends HttpServlet {
@@ -27,11 +26,10 @@ public class GetAuthTokenServlet extends HttpServlet {
 }
 String token = getToken();
- httpServletResponse.setContentType("application/json");
- JsonObject tokenJson = JsonParser.parseString(token).getAsJsonObject();
+ String sanitizedToken = Encode.forJava(token);
 PrintWriter writer = httpServletResponse.getWriter();
- writer.write(tokenJson.toString());
+ writer.write(sanitizedToken);
 writer.flush();
 }
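Review bot: `Encode.forJava(token)` in the second GetAuthTokenServlet.java hunk is the wrong encoder for an HTTP response body — it produces a Java string-literal escape (backslash-escaping quotes, backslashes and control characters), not a JSON or HTML encoding, so the endpoint now returns a body that is no longer parseable JSON and the caller in helpers.js has to undo the escaping by hand. Dropping `httpServletResponse.setContentType("application/json")` in the same hunk is a regression rather than a hardening: the token payload is now served under the container's default content type, which, depending on that default, is exactly what allows a browser that opens the endpoint directly to render upstream token-service content as HTML. For a JSON endpoint the defensive fix is to keep the content type and emit valid JSON, i.e. `httpServletResponse.setContentType("application/json;charset=UTF-8");` and `httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");` (both before `getWriter()`, since the charset cannot be changed afterwards) followed by `writer.write(JsonParser.parseString(token).getAsJsonObject().toString());` as the previous code did, which re-serializes the upstream payload instead of echoing it verbatim; the pom.xml hunk's gson-to-encoder swap would then be unnecessary. The enclosing method begins before the hunk, so whatever validation happens above `String token = getToken();` is not visible here.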
diff --git a/js/samples/quickstart-java/src/main/webapp/resources/helpers.js b/js/samples/quickstart-java/src/main/webapp/resources/helpers.js
index b5c61b8..1c0bcc3 100644
--- a/js/samples/quickstart-java/src/main/webapp/resources/helpers.js
+++ b/js/samples/quickstart-java/src/main/webapp/resources/helpers.js
@@ -4,10 +4,15 @@ function getTokenAsync() {
 url: "/getAuthTokenServlet",
 type: "GET",
 success: function (response) {
- const data = response;
+ let data = response;
 if (data.error) {
 reject(data.error);
 } else {
+ // decode token
+ const decodedData = data
+ .replace(/\\"/g, '"') // Unescape escaped quotes
+ .replace(/\\\\/g, '\\'); // Unescape escaped backslashes
+ data = JSON.parse(decodedData);
 const token = data["access_token"];
 resolve({ token });
 }
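Review bot: The `if (data.error)` check now runs on the raw response string, because the unescaping and `JSON.parse(decodedData)` added below it happen only in the `else` branch; presumably the response is no longer auto-parsed once the servlet stops sending `application/json`, so an error object from the server can no longer be detected and the `reject(data.error)` path is effectively dead. The two regex replaces also only reverse the quote and backslash escapes — any other escape the encoder emits (for example `\n` or `\uXXXX` for control characters) survives into `JSON.parse`, and a thrown parse error is not caught, so the promise never settles. If the servlet is restored to returning plain JSON with a JSON content type, the manual unescaping can be dropped and the parse guarded as sketched below. `getTokenAsync` begins before the hunk and the request options object continues past it.
```javascript
success: function (response) {
  let data;
  try {
    data = typeof response === "string" ? JSON.parse(response) : response;
  } catch (parseError) {
    reject(parseError);
    return;
  }
  // … unchanged: error check, token extraction and resolve …
```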