Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Hemalatha Medarametla (_Hemalatha_M)
Infosys Ltd

Infosys Ltd
IN
_Hemalatha_M Member since 2016 14 posts
Infosys Ltd
Posted: Aug 9, 2017
Last activity: Aug 16, 2017
Posted: 9 Aug 2017 3:22 EDT
Last activity: 16 Aug 2017 2:22 EDT
Closed
Solved

Cross site scripting security issue

Hi

When ever user enters in AddNote and clicks on submit,Cross site scripting security issue is occuring. Please refer attached images and let me know how to overcome the issue..

Regards

HemalathaM.

To see attachments, please log in.
Security

Accepted Solution

Posted: 7 years ago
Posted: 16 Aug 2017 1:04 EDT
Hemalatha Medarametla (_Hemalatha_M)
Infosys Ltd

Infosys Ltd
IN

Hi All,

      Issue is resolved.I have used  crossScriptingFilter Function i.e  done property-set on pyNote as @(Pega-RULES:Utilities).crossScriptingFilter(.pyNote) in Postprocessing of flowaction .

To see attachments, please log in.
Posted: 7 years ago
Posted: 9 Aug 2017 4:46 EDT
Swarnendu Mukherjee (SwarnenduM)
BUPA
Swarnendu Mukherjee
BUPA
AU

Hi Hemlatha,

Why are you adding javascript tag in AddNote? Is it your business requirement? This doesn't look cross site scripting issue.

Pls check the below link to get more info on cross site issue.

https://docs-previous.pega.com/security/85/understanding-cross-site-scripting

To see attachments, please log in.
Posted: 7 years ago
Posted: 9 Aug 2017 9:37 EDT
Brad Tainter (Br@dTainter_GCS)
PEGA
Fellow, Technical Support, Platform Service
Pegasystems Inc.
US

Hi Hemlatha,

I would suggest you open an SR to have this looked at.  It is likely that the control you are using in not filtering for malicious content.

To see attachments, please log in.
Posted: 7 years ago
Posted: 9 Aug 2017 10:44 EDT
Lochana Durgada Vijayakumar (Lochan_DV)
PEGA
Senior Manager, Knowledge Management
Pegasystems Inc.
IN

Hello!

Please let us know if you do log an SR for this and its ID. That way we can track it and follow-up this discussion with the resolution.

Thank you,

To see attachments, please log in.

Accepted Solution

Posted: 7 years ago
Posted: 16 Aug 2017 1:04 EDT
Hemalatha Medarametla (_Hemalatha_M)
Infosys Ltd

Infosys Ltd
IN

Hi All,

      Issue is resolved.I have used  crossScriptingFilter Function i.e  done property-set on pyNote as @(Pega-RULES:Utilities).crossScriptingFilter(.pyNote) in Postprocessing of flowaction .

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice