diff --git a/java/ql/src/Security/CWE/CWE-079/XSS.java b/java/ql/src/Security/CWE/CWE-079/XSS.java
index e667036ee42..8b9a26825bc 100644
--- a/java/ql/src/Security/CWE/CWE-079/XSS.java
+++ b/java/ql/src/Security/CWE/CWE-079/XSS.java
@@ -3,7 +3,7 @@ public class XSS extends HttpServlet {
 	throws ServletException, IOException {
 		// BAD: a request parameter is written directly to the Servlet response stream
 		response.getWriter().print(
-				"The page \"" + request.getParameter("page") + "\" was not found."); // $xss
+				"The page \"" + request.getParameter("page") + "\" was not found.");
 
 	}
 }