I note that with the release of Google Web Toolkit (GWT) 2.5.1, a security flaw has been resolved:
http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1 ("Security Fixes")
The release notes state:
Fixed an XSS vulnerability in html files used by GWTTestCase (patch). These files will only be included in a GWT app if
it depends on the JUnit module. Despite the fix, this is not recommended.
The patch is here:
https://code.google.com/p/google-web-toolkit/source/detail?r=11385
I have reproduced this flaw and can confirm it is reflected XSS. I have previously contacted security () google asking
for CVE IDs for GWT flaws, but never received a response. Please assign a CVE ID to this flaw.