Index: examples/test-webapp/src/main/java/com/acme/Dump.java
===================================================================
--- examples/test-webapp/src/main/java/com/acme/Dump.java (revision 2152)
+++ examples/test-webapp/src/main/java/com/acme/Dump.java (working copy)
@@ -412,7 +412,7 @@
 name= (String)h.nextElement();
 pout.write("\n");
 pout.write(""+name+": ");
- pout.write(""+request.getParameter(name)+"");
+ pout.write(""+request.getParameter(name).toLowerCase().replaceAll("script", "textarea")+"");
 String[] values= request.getParameterValues(name);
 if (values == null)
 {
@@ -426,7 +426,7 @@
 {
 pout.write("\n");
 pout.write(""+name+"["+i+"]: ");
- pout.write(""+values[i]+"");
+ pout.write(""+values[i].replaceAll("script", "textarea")+"");
 }
 }
 }
Index: VERSION.txt
===================================================================
--- VERSION.txt (revision 2152)
+++ VERSION.txt (working copy)
@@ -1,6 +1,7 @@
 jetty-SNAPSHOT
+ + CERT VU#237888 Dump Servlet - prevent cross site scripting
 + CERT VU#38616 handle single quotes in cookie names.
 + Improved JSON parsing from Readers
 + Moved some impl classes from jsp-api-2.1 to jsp-2.1