Posted: 14 May 2020 15:05 EDT Last activity: 14 May 2020 15:50 EDT
How to handle HTML escape character codes and cross-site scripting in inbound service request
We have an API to receive the notes/comments from external system and notes gets tagged to the requested case . we have the following the challenges with notes .
1) Name value is being received with html escape and the same value is being stored in table . Is there anyway to unescape the html codes of all attributes of MyservicePage while mapping the inbound request ?.
2) How to impose cross-site scripting filter on service inbound request . I tried to use @crossScriptingFilter(.Content) but still returning the input content .