ShiftLeftSecurity
diff --git a/‎README.md‎
Lines changed: 0 additions & 2 deletions b/‎README.md‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎flask_webgoat/ui.py‎
Lines changed: 0 additions & 1 deletion b/‎flask_webgoat/ui.py‎
Lines changed: 0 additions & 1 deletion
@@ -31,7 +31,6 @@ This project contains the following vulnerabilities:
 
 - Remote Code Execution
 - SQL injection
-- XSS
 - Insecure Deserialization
 - Directory Traversal
 - Open Redirect
@@ -47,7 +46,6 @@ $ grep vulnerability . -R -n | grep -v README
 ./flask_webgoat/actions.py:43: # vulnerability: Remote Code Execution
 ./flask_webgoat/users.py:37: # vulnerability: SQL Injection
 ./flask_webgoat/auth.py:17: # vulnerability: SQL Injection
-./flask_webgoat/ui.py:14: # vulnerability: XSS
 ./flask_webgoat/actions.py:60: # vulnerability: Insecure Deserialization
 ./flask_webgoat/actions.py:35: # vulnerability: Directory Traversal
 ./flask_webgoat/auth.py:45: # vulnerability: Open Redirect
 
@@ -16,7 +16,6 @@ def search():
  try:
  query = "SELECT username, access_level FROM user WHERE username LIKE ?;"
  results = query_db(query, (query_param,))
- # vulnerability: XSS
  return render_template(
  "search.html", results=results, num_results=len(results), query=query_param
  )
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,6 @@ def search():`
`16`	`16`	`try:`
`17`	`17`	`query = "SELECT username, access_level FROM user WHERE username LIKE ?;"`
`18`	`18`	`results = query_db(query, (query_param,))`
`19`		`- # vulnerability: XSS`
`20`	`19`	`return render_template(`
`21`	`20`	`"search.html", results=results, num_results=len(results), query=query_param`
`22`	`21`	`)`