From d4efe112b162c901cb03a4f37d57a93c6e138075 Mon Sep 17 00:00:00 2001
From: Ravi Kumar <41137863+ravirk91@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:03:16 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 560: Cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 Ginger/GingerCoreNET/External/WireMock/WireMockAPI.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Ginger/GingerCoreNET/External/WireMock/WireMockAPI.cs b/Ginger/GingerCoreNET/External/WireMock/WireMockAPI.cs
index bad50ab97..1b1dca9c2 100644
--- a/Ginger/GingerCoreNET/External/WireMock/WireMockAPI.cs
+++ b/Ginger/GingerCoreNET/External/WireMock/WireMockAPI.cs
@@ -20,6 +20,7 @@ limitations under the License.
 using Amdocs.Ginger.Common;
 using Amdocs.Ginger.Common.External.Configurations;
 using System;
+using System.Net;
 using System.Net.Http;
 using System.Text;
 using System.Text.Json;
@@ -167,7 +168,7 @@ public async Task CreateStubAsync(string stubMapping, string contentType
 body = doc.RootElement.GetRawText();
 }

- var content = new StringContent(body, Encoding.UTF8, contentType);
+ var content = new StringContent(WebUtility.HtmlEncode(body), Encoding.UTF8, contentType);
 HttpResponseMessage response = await client.PostAsync($"{NormalizeUrl(GingerCore.ValueExpression.PasswordCalculation(_baseUrl))}{MappingEndpoint}", content);
 response.EnsureSuccessStatusCode();
 return await response.Content.ReadAsStringAsync();
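Review bot: `WebUtility.HtmlEncode(body)` in the second hunk is applied to an outbound HTTP request body rather than to HTML output, so it alters the payload instead of closing a cross-site scripting sink. The context line `body = doc.RootElement.GetRawText();` indicates the body is JSON on at least that path, and HTML-encoding turns every `"` into `&quot;`, so the mapping POST would presumably be rejected and `EnsureSuccessStatusCode()` would throw. I would keep `var content = new StringContent(body, Encoding.UTF8, contentType);` and address the alert where the returned response text is rendered, or by restricting `contentType` to the expected JSON media types; the `using System.Net;` added in the first hunk then becomes unnecessary. CreateStubAsync begins above the hunk, so how `body` is set on other paths is not visible here.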