To test vulnerability mitigation

  1. Confirm that xssvalidation.isenable is set to true.
  2. Restart the servlet container (such as WebSphere).
  3. Access the application via a browser.
  4. Change or replace the value of a parameter in the query string (the URL) with <script>alert('You've been hacked!')</script>.

    When you attempt to use this URL, an error message appears in the stack trace.
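
Step 4 can be scripted so that every query-string parameter is tested in turn. The following is an added example, not part of the original documentation, and it generalizes the step from one parameter to each of them. The sample URL, the response bodies and the function names are constructed, and the "payload not echoed unescaped" check is an assumed client-side pass criterion alongside the stack-trace error described above.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Test value taken from step 4 of the procedure above.
PAYLOAD = "<script>alert('You've been hacked!')</script>"


def build_test_urls(url, payload=PAYLOAD):
    """Return [(param_name, test_url)], one URL per query parameter,
    with only that parameter's value replaced by the payload."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tests = []
    for i, (name, _) in enumerate(pairs):
        mutated = list(pairs)
        mutated[i] = (name, payload)
        # urlencode percent-encodes the payload so the URL stays well-formed.
        tests.append((name, urlunsplit(parts._replace(query=urlencode(mutated)))))
    return tests


def payload_reflected(body, payload=PAYLOAD):
    """True if the response body echoes the payload unescaped,
    meaning the input reached the page without being blocked or encoded."""
    return payload in body


# Constructed sample URL and response bodies (assumptions, not from the product).
SAMPLE_URL = "https://app.example.test/search?q=widgets&page=2"
BODY_BLOCKED = "<html><body>Error: invalid request</body></html>"
BODY_ESCAPED = "<html><body>Results for &lt;script&gt;alert(...)&lt;/script&gt;</body></html>"
BODY_VULNERABLE = "<html><body>Results for " + PAYLOAD + "</body></html>"

if __name__ == "__main__":
    for name, test_url in build_test_urls(SAMPLE_URL):
        print(f"{name}: {test_url}")
    for label, body in [("blocked", BODY_BLOCKED), ("escaped", BODY_ESCAPED),
                        ("vulnerable", BODY_VULNERABLE)]:
        print(label, "-> reflected:", payload_reflected(body))
```

Request each generated URL in the browser or with an HTTP client, then pass the response body to payload_reflected and check the server log for the expected error.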