Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

446
Views
 Brahmeswara Rao ([email protected]) CGI Developer
CGI
SE
[email protected] Member since 2013 172 posts
CGI
Posted: May 14, 2020
Last activity: May 14, 2020
Posted: 14 May 2020 15:05 EDT
Last activity: 14 May 2020 15:50 EDT
Closed

How to handle HTML escape character codes and cross-site scripting in inbound service request

Report

We have an API to receive the notes/comments from external system and notes gets tagged to the requested case . we have the following the challenges with notes .

1)  Name value is being received with html escape and the same value is being stored in table . Is there anyway to unescape the html codes of all attributes of MyservicePage while mapping the inbound request ?.

2)  How to impose cross-site scripting filter on service inbound request . I tried to use @crossScriptingFilter(.Content) but still returning the input content .

{     "ID": "createdByInfoId 7",     "Name": "M&#229;rten",      "Content": "<script>alert(hi);</script>"

}

Pega Platform 7.3.1 Data Integration Security Financial Services

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice