Question

Brahmeswara Rao (Brahmesh@)
Posted: May 14, 2020
Last activity: May 14, 2020
Closed

How to handle HTML escape character codes and cross-site scripting in inbound service request

We have an API to receive the notes/comments from an external system, and the notes get tagged to the requested case. We have the following challenges with notes.

1)  The Name value is being received with HTML escapes and the same value is being stored in the table. Is there any way to unescape the HTML codes of all attributes of MyservicePage while mapping the inbound request?

2)  How to impose a cross-site scripting filter on a service inbound request? I tried to use @crossScriptingFilter(.Content), but it is still returning the input content.

{
    "ID": "createdByInfoId 7",
    "Name": "M&#229;rten",
    "Content": "<script>alert(hi);</script>"
}

Pega Platform 7.3.1 Data Integration Security Financial Services
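
The two points in the question, worked through on the posted payload as an added illustration (not part of the original post, and plain Python rather than Pega rules or APIs): character references are decoded exactly once while the request is mapped, and markup is neutralised by encoding when a note is rendered. The function names and the HTML template are assumptions made for the example.

```python
import html
import json

# Constructed sample input: the request body shown in the post.
INBOUND = ('{"ID": "createdByInfoId 7", "Name": "M&#229;rten", '
           '"Content": "<script>alert(hi);</script>"}')


def normalize_inbound(value):
    """Decode HTML character references once in every string of a parsed body.

    A single pass is deliberate: looping until nothing changes would turn a
    double-encoded value such as "&amp;lt;b&amp;gt;" into live markup.
    """
    if isinstance(value, str):
        return html.unescape(value)
    if isinstance(value, dict):
        return {key: normalize_inbound(item) for key, item in value.items()}
    if isinstance(value, list):
        return [normalize_inbound(item) for item in value]
    return value  # numbers, booleans and null pass through unchanged


def render_note(note):
    """Build the HTML for one note (hypothetical template).

    Every stored value is encoded for the HTML context at output time, so the
    stored text stays exactly what the sender wrote and cannot become markup.
    """
    name = html.escape(note["Name"], quote=True)
    content = html.escape(note["Content"], quote=True)
    return f'<div class="note"><b>{name}</b>: {content}</div>'


def handle_request(body):
    """Map the inbound JSON to a stored note and return it with its rendering."""
    note = normalize_inbound(json.loads(body))
    return note, render_note(note)


if __name__ == "__main__":
    stored, page = handle_request(INBOUND)
    print(stored)
    print(page)
```

Because decoding on input means stored values can contain raw `<` and `>`, the encoding step in `render_note` is what prevents script execution, whatever filtering is applied to the request.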