Cross Site scripting - issue accessing SMA
Our project uses SiteMinder for our login. To fix a cross-site scripting issue, we worked with our SiteMinder team and updated our SiteMinder policy to reflect the following:
badcsschars='<,',>,%22' .
This fixed our cross-site scripting issue, but after this was implemented we are not able to access the links available inside SMA (Agent Management, Logging and Tracing, etc.). Looking at the source code for these links:
<A href="#" title="Defines operations and attributes for agent management" oncontextmenu="showMenuHandler('performDefaultOp.do?mbeanname=AgentManagement&name=com.pega.PegaRULES%3Acell%3DXXgp1_prod_cell%2Cname%3Dcom.pega.pegarules.management.AgentManagement%2Ctype%3Denterprise%2Cnode%3DXX7_XXgp1_prod_node%2Cprocess%3DAPP_pega_1%2Cid%3D%22<NODE ID>%22&mbeanVersion=1.0')
We see the Node ID is getting passed between %22. Has anyone been able to bypass this issue, or is there any other solution for accessing these links with the cross-site scripting fixed?
Thanks in advance.
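
To pin down which part of such a link matches the policy, the following added example (not part of the original post, and not SiteMinder or Pega code) scans a URL's query string for the listed entries. It assumes the policy value is a comma-separated list and that a request is rejected when its raw, still percent-encoded URL contains any entry; the sample URL is constructed from the link in the post with a placeholder node id.

```python
from urllib.parse import urlsplit

# Entries from the policy value in the post, read as a comma-separated list
# (assumption: the outer quotes are delimiters, leaving < ' > and %22).
BAD_CSS_CHARS = ["<", "'", ">", "%22"]

# Constructed sample modelled on the link in the post; NODE-ID-PLACEHOLDER
# stands in for the redacted node id.
SAMPLE_URL = (
    "performDefaultOp.do?mbeanname=AgentManagement"
    "&name=com.pega.PegaRULES%3Acell%3DXXgp1_prod_cell"
    "%2Cname%3Dcom.pega.pegarules.management.AgentManagement"
    "%2Ctype%3Denterprise%2Cid%3D%22NODE-ID-PLACEHOLDER%22"
    "&mbeanVersion=1.0"
)


def find_blocked(url, bad_chars=BAD_CSS_CHARS):
    """Return (parameter, entry, offset) for each listed entry found in the
    raw, still percent-encoded query string of url."""
    hits = []
    for pair in urlsplit(url).query.split("&"):
        key, _, raw_value = pair.partition("=")
        lowered = raw_value.lower()  # assumption: hex digits match in either case
        for entry in bad_chars:
            needle = entry.lower()
            start = lowered.find(needle)
            while start != -1:
                hits.append((key, entry, start))
                start = lowered.find(needle, start + 1)
    return hits


if __name__ == "__main__":
    for key, entry, offset in find_blocked(SAMPLE_URL):
        print(f"parameter {key!r}: blocked entry {entry!r} at offset {offset}")
```

Run against the sample, it reports the two %22 sequences around the node id inside the name parameter and nothing else, which matches what the post observes in the page source.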