Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Prashant Jain (Prashant_Jain)
Coforge Limited
Technical Lead
Coforge Limited
IN
Prashant_Jain Member since 2013 2 posts
Coforge Limited
Posted: Apr 21, 2017
Last activity: May 17, 2017
Posted: 21 Apr 2017 2:58 EDT
Last activity: 17 May 2017 7:46 EDT
Closed

Plus sign "+" in request XML is shown as "+" in the Upload Document Service

In our Connect-HTTP Upload document service, we have a field called DOCUMENT-CONTENT, which takes document content streame in Base64 encoded format. We need to pass the attach document stream to the DOCUMENT-CONTENT field to store the document.

After dubugging request XML sent to the network we found that all the '+' signs in the DOCUMENT-CONTENT field have replaced with '+'. Following a pdn article (https://pdn.pega.com/support-articles/plus-sign-pystatuslabel-shown) I found, this is due to a defect in Pegasystems’ rules that the label which contains '+' gets encoded twice due to which it becomes ' +'. This gets resolved in UI as '&43#;'. This problem has been fixed in Pega 7.1.9 for labels but problem seems to exist for integrations. Can someone please assist?

To see attachments, please log in.
Data Integration

Posted: 7 years ago
Posted: 24 Apr 2017 5:04 EDT
Prashant Jain (Prashant_Jain)
Coforge Limited
Technical Lead
Coforge Limited
IN

As a work around we have changed Mapping Mode of Document_Content field in the XML Stream rule from Standard to XML Literal. Not sure at this stage will this violates security as we getting a severe warning (Using "mode=literal" can expose the system to cross site scripting attacks - use with caution). But our service  is working. If you can provide a better approach, most welcome.

To see attachments, please log in.
Posted: 7 years ago
Posted: 24 Apr 2017 11:46 EDT
Marissa Rogers (MarissaRogers)
MOD
Principal Knowledge Management Specialist
Pegasystems Inc.
US

Hi Prashant_Jain,

I did a search on the warning you are receiving "Using "mode=literal" can expose the system to cross site scripting attacks - use with caution" and came up with this post where a HotFix was requested. Does this apply to your question?

To see attachments, please log in.
Posted: 7 years ago
Posted: 17 May 2017 7:46 EDT
Prashant Jain (Prashant_Jain)
Coforge Limited
Technical Lead
Coforge Limited
IN

Thanks Marrissa.

The linked post doesn't apply to us as no automatic mode conversion is happening with our code.

Rather, I have explicitly and additionally encoded my document content field (additional to the automatic encoding done by PRPC). This ensures the document content passed to the service contains no special characters. 

The approach may have disadvantage as the external system can't view our document but this suits our requirement as we want to display documents from and within Pega only so this is absolutely fine for us.

Regards,

Prashant 

 

 

 

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice