Question

Brahmesh@ Member since 2013 146 posts
Capgemini
Posted: 5 months ago
Last activity: 5 months 2 weeks ago

How to handle HTML escape character codes and cross-site scripting in inbound service request

We have an API to receive the notes/comments from an external system, and the notes get tagged to the requested case. We have the following challenges with notes.

1) The Name value is being received with HTML escapes and the same value is being stored in the table. Is there any way to unescape the HTML codes of all attributes of MyservicePage while mapping the inbound request?

2) How to impose a cross-site scripting filter on a service inbound request? I tried to use @crossScriptingFilter(.Content) but it is still returning the input content.

{
    "ID": "createdByInfoId 7",
    "Name": "M&#229;rten",
    "Content": "<script>alert(hi);</script>"
}

Pega Platform 7.3.1 Data Integration Security Financial Services
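
One way to treat both points in the question, as an added example that is not part of the original post and is not Pega rule code: decode character references once in every string while mapping the request, store the plain text, and HTML-escape at display time instead of filtering on input. Python is used only for illustration, and the function names are hypothetical.

```python
import html
import json

# The request body from the post, reproduced as sample input.
INBOUND = '''{
    "ID": "createdByInfoId 7",
    "Name": "M&#229;rten",
    "Content": "<script>alert(hi);</script>"
}'''


def unescape_all(value):
    """Decode HTML character references once in every string of a parsed JSON value."""
    if isinstance(value, str):
        return html.unescape(value)
    if isinstance(value, list):
        return [unescape_all(v) for v in value]
    if isinstance(value, dict):
        # Keys are field names fixed by the API contract; only values are decoded.
        return {k: unescape_all(v) for k, v in value.items()}
    return value  # numbers, booleans and null pass through unchanged


def map_inbound(body):
    """Parse the request and return the canonical (decoded) record to store."""
    return unescape_all(json.loads(body))


def render_note(record):
    """Build the HTML fragment for display; escaping is applied here, for the HTML context."""
    name = html.escape(record["Name"], quote=True)
    content = html.escape(record["Content"], quote=True)
    return f'<div class="note"><b>{name}</b>: {content}</div>'


if __name__ == "__main__":
    stored = map_inbound(INBOUND)
    print(stored)               # what goes into the table
    print(render_note(stored))  # what goes into the page
```

The stored record keeps the note exactly as the sender wrote it, and the script tag becomes inert text only when the fragment is rendered.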