After learning from an external auditor that his code was susceptible to attack, George decided to
rewrite some of his code to look like the following. What is George preventing by changing the
code?
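    public void doContent(…) {
        …
        String s;
        // Only write the applicant line when a username is found
        if ((s = getUsernameByID("userid")) != null) {
            // Encode the value for HTML before it is written into the page
            s = StringUtils.encodeToHTML(s, 50);
            response.write("<br>Applicant:<u>" + s + "</u>");
        }
        …
    }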
A. Query string manipulation
B. XSS attack
C. Cookie poisoning
D. SQL injection
Explanation: