Description
At the moment the URL is stored 'as is' in the ApplicationRequest object. If it is shown later in a view (e.g. on a 404 page), it represents an XSS hole. To protect against this, the URL should be sanitized through a call to htmlentities() prior to storage.
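
The change proposed above, as an added example that is not the project's own code: `ExampleRequest` and `render404()` are hypothetical stand-ins for ApplicationRequest and the 404 view, and the request path is constructed. It renders the same URL once stored 'as is' and once stored through htmlentities().

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the project's ApplicationRequest;
// only the URL handling is modelled here.
final class ExampleRequest
{
    private string $url;

    public function __construct(string $rawUrl, bool $sanitize)
    {
        // ENT_QUOTES encodes both quote styles, so the stored value is also
        // inert inside a quoted HTML attribute. ENT_SUBSTITUTE replaces
        // invalid UTF-8 sequences instead of returning an empty string.
        $this->url = $sanitize
            ? htmlentities($rawUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : $rawUrl;
    }

    public function getUrl(): string
    {
        return $this->url;
    }
}

// Hypothetical 404 view that echoes the stored URL without further encoding.
function render404(ExampleRequest $request): string
{
    return '<p>No page found at ' . $request->getUrl() . '</p>';
}

// Constructed sample request path containing markup and quotes.
$raw = '/missing/<script>alert(1)</script>?q="x"';

$before = render404(new ExampleRequest($raw, false)); // stored 'as is'
$after  = render404(new ExampleRequest($raw, true));  // stored via htmlentities()

echo $before, PHP_EOL; // the <script> element from the URL reaches the page
echo $after, PHP_EOL;  // the same characters arrive as &lt;script&gt; text
```

Because the stored value is already HTML-encoded, a view that encodes it again will show literal entities, and code that needs the original URL outside HTML (logging, redirects) has to account for the encoding.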