Question:

How to fix "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" on a ServletOutputStream

濮阳奇逸
2023-03-14

The following code gets the Veracode flaw "Improper Neutralization of Script-Related HTML Tags in a Web Page" on the line out.write(outByte, 0, iRead):

try {
    bytesImage = helper.getBlob(Integer.parseInt(id));
    ByteArrayInputStream bin = new ByteArrayInputStream(bytesImage);
    ServletOutputStream out = response.getOutputStream();
    outByte = new byte[bytesImage.length];
    int iRead = 0;
    // copy the blob to the response; read() returns -1 at end of stream
    while ((iRead = bin.read(outByte)) > 0) {
        out.write(outByte, 0, iRead);   // <- the line Veracode flags
    }
} catch (IOException e) {
    throw new ServletException(e);
}


I found a lot of similar issues here, but all of them were about strings only. Those could be fixed with something like this:

> out.write ( ESAPI.encoder().encodeForHTML(theSimpleString) );


but for a binary OutputStream this will not work.
Any hints on how to get the Veracode issue above solved?

As suggested by @sinkmanu, I tried converting the bytes to a String and then applying ESAPI.encoder().encodeForHTML():

import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.servlet.ServletOutputStream;
import org.owasp.esapi.ESAPI;
import sun.misc.BASE64Decoder;   // JDK-internal sun.misc classes
import sun.misc.BASE64Encoder;

private static String base64Encode(byte[] bytes) {
   return new BASE64Encoder().encode(bytes);
}
private static byte[] base64Decode(String s) throws IOException {
   return new BASE64Decoder().decodeBuffer(s);
}

bytes = helper.getBlob(inId);

// 1 -> this solves the Veracode issue but the image is not valid anymore
String encodedString = base64Encode(bytes);
String safeString = ESAPI.encoder().encodeForHTML(encodedString);
safeBytes = base64Decode(safeString);

// 2 -> as written above, when I use the 'safe' safeBytes the Veracode flaw is gone
//      but the app is not working anymore (image not ok)
// ByteArrayInputStream bin = new ByteArrayInputStream(safeBytes);
// outBytes = new byte[safeBytes.length];

// 3 -> just use the 'unsafe' bytes -> app is working but the Veracode flaw needs to be fixed!
ByteArrayInputStream bin = new ByteArrayInputStream(bytes);
outBytes = new byte[bytes.length];

int iRead = 0;
ServletOutputStream out = response.getOutputStream();

// read() returns -1 at end of stream, so the loop ends once the blob is copied
while ((iRead = bin.read(outBytes)) > 0) {
    out.write(outBytes, 0, iRead);
}

...

The above makes the Veracode issue go away (when 2 is uncommented), but the image appears to be corrupted (it can no longer be processed?). Any hints on how I can solve the Veracode issue for a binary stream?

1 answer

鲁浩渺
2023-03-14
    String safeString = ESAPI.encoder().encodeForBase64(bytes,false);
    byte[] safeBytes = ESAPI.encoder().decodeFromBase64(safeString);

The ESAPI library also has methods for encoding to and decoding from Base64. That was the solution to my problem. The two lines above work like magic for Veracode, and when "safeBytes" is used later in the code everything is fine...
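A note on what the accepted answer actually changes: encodeForBase64 followed by decodeFromBase64 is the identity on the byte array, so the browser receives exactly the same bytes as before; the round trip only changes what the static analyser sees as tainted. The risk the CWE-80 finding describes for a binary endpoint is a stored blob that is really HTML or script being rendered by the browser, and that is addressed by headers and an allow-list on the content, not by encoding the bytes. The servlet below is an added example, not code from the question or the answer. It assumes a hypothetical ImageStore.getBlob(int) that returns the raw bytes (or null for an unknown id) in place of the question's helper; everything else is the standard Servlet API.

```java
import java.io.IOException;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Serves a stored image blob so that it can only ever be rendered as an image.
 * Added example; ImageStore is a hypothetical stand-in for the question's helper.
 */
public class ImageServlet extends HttpServlet {

    /** Hypothetical data-access interface: raw bytes, or null if the id is unknown. */
    public interface ImageStore {
        byte[] getBlob(int id);
    }

    private final ImageStore store;

    public ImageServlet(ImageStore store) {
        this.store = store;
    }

    /**
     * Returns the MIME type matching the blob's magic bytes, or null when the
     * blob is not one of the formats this endpoint is willing to serve. HTML,
     * SVG (which may carry script) and anything unrecognised are rejected
     * outright rather than "encoded".
     */
    static String sniffImageType(byte[] b) {
        if (b == null) return null;
        if (b.length >= 8
                && (b[0] & 0xFF) == 0x89 && b[1] == 'P' && b[2] == 'N' && b[3] == 'G'
                && b[4] == 0x0D && b[5] == 0x0A && b[6] == 0x1A && b[7] == 0x0A) {
            return "image/png";
        }
        if (b.length >= 3
                && (b[0] & 0xFF) == 0xFF && (b[1] & 0xFF) == 0xD8 && (b[2] & 0xFF) == 0xFF) {
            return "image/jpeg";
        }
        if (b.length >= 6 && b[0] == 'G' && b[1] == 'I' && b[2] == 'F' && b[3] == '8'
                && (b[4] == '7' || b[4] == '9') && b[5] == 'a') {
            return "image/gif";
        }
        return null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Parse the id strictly; a non-numeric id is a client error, not a 500.
        int id;
        try {
            id = Integer.parseInt(req.getParameter("id"));
        } catch (NumberFormatException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        byte[] image = store.getBlob(id);
        String mime = sniffImageType(image);
        if (mime == null) {
            // Unknown id, or a blob that is not an allow-listed image: do not serve it.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // These headers are what keep the blob from being interpreted as a
        // script-bearing document: a Content-Type chosen by the server from the
        // sniffed format, nosniff so the browser does not second-guess it, and a
        // filename built from the numeric id rather than from user input.
        resp.setStatus(HttpServletResponse.SC_OK);
        resp.setContentType(mime);
        resp.setHeader("X-Content-Type-Options", "nosniff");
        resp.setHeader("Content-Disposition", "inline; filename=\"image-" + id + "\"");
        resp.setContentLength(image.length);

        // The bytes go to the stream unmodified. HTML-encoding them corrupts
        // the image, which is exactly what the question ran into.
        try (OutputStream out = resp.getOutputStream()) {
            out.write(image, 0, image.length);
        }
    }
}
```

The allow-list in sniffImageType is deliberately short; extend it only with formats the browser will render as pure images. If the scanner still reports the write after these controls are in place, the honest course is to document them as the mitigation for that finding rather than to launder the bytes through an encode/decode pair that leaves them unchanged.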
