diff --git a/badCode.java b/badCode.java
new file mode 100644
index 0000000000..662fe4426e
--- /dev/null
+++ b/badCode.java
@@ -0,0 +1,19 @@
+package com.example.springxss;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class XSSController {
+
+    @GetMapping("/hello")
+    ResponseEntity<String> hello(@RequestParam(value = "name", defaultValue = "World") String name) {
+        return new ResponseEntity<>("Hello World!" + name, HttpStatus.OK);
+    }
+
+}