SecurityTestRunner securityTestRunner, List<String> urls,
CrossSiteScriptingScanConfig parameterExposureCheckConfig, List<AssertionError> assertionErrorList) {
boolean throwException = false;
for (String url : urls) {
HttpTestRequestStep httpRequest = createHttpRequest((WsdlTestStep) testStep, url);
MessageExchange messageExchange2 = (MessageExchange) httpRequest.run((TestCaseRunner) securityTestRunner,
(SecurityTestRunContext) context);
for (String value : parameterExposureCheckConfig.getParameterExposureStringsList()) {
value = context.expand(value);// property expansion support
String match = SecurityScanUtil.contains(context, new String(messageExchange2.getRawResponseData()),
value, false);
if (match != null) {
String shortValue = value.length() > 25 ? value.substring(0, 22) + "... " : value;
String message = "XSS content sent in request '" + shortValue + "' is exposed in response on link "
+ url + " . Possibility for XSS script attack in: " + messageExchange.getModelItem().getName();