diff --git a/java/ql/src/semmle/code/java/security/XSS.qll b/java/ql/src/semmle/code/java/security/XSS.qll
index 9f5ed3fe9d6..fd1fdcde061 100644
--- a/java/ql/src/semmle/code/java/security/XSS.qll
+++ b/java/ql/src/semmle/code/java/security/XSS.qll
@@ -97,6 +97,7 @@ class WritingMethod extends Method {
     (
       this.getName().matches("print%") or
       this.getName() = "append" or
+      this.getName() = "format" or
       this.getName() = "write"
     )
   }