To fix fortify scan “Log Forging” or “Cross Site Script Injection” issue need to remove script tag before printing log message in console or log file.

Why?

If logs statement having script tag then open these logs over browser like kibana while analysis. The script or content inside the script tag can execute that cause “cross-site script injections”.

Solutions

Call this lines of code which below uses a regular expression to identify valid script tags and removes them from the message while leaving the script code between the starting and end tags.