praveen byrraju (praveenb227)
Infosys
Technology Lead
Posted: March 22, 2017
Last activity: May 11, 2017
Closed
Solved

Using "mode=literal" can expose the system to cross site scripting attacks - use with caution.

Hi All,

I have imported an XSD in Pega 7.2.2 for one of our requirements through the Connector and Metadata wizard.

The system automatically created parse rules and XML stream rules. For all the XML stream rules we have got severe warnings: "Using "mode=literal" can expose the system to cross site scripting attacks - use with caution."

When I checked the mapping, I did not see any mode mentioned as literal; all the modes are mentioned as standard. But when I check the XML source, the mode is mentioned as "literal".

Pega 7.2.2:

<pega:r n=".CompanyName" m="literal"/>

In 6.3, if the mapping mode is "Standard", in the XML source the mode is mapped as "normal".

<ns1:Notes><pega:reference name=".Notes" mode="normal"/>

I can see a difference in the automatically generated XML. Is this some product issue in Pega 7.2.2?

We have justified the warning in the development environment. Will it cause any security issues at production level?

Thanks.

Data Integration Security
Moderation Team has archived post
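
For reviewing generated rules like the ones in this question, the following added example (not part of the original post and not Pega code) scans XML stream source text and lists every property reference whose mode is "literal", covering both tag spellings quoted above (`pega:r` with `n`/`m` and `pega:reference` with `name`/`mode`). The sample source and its `ns1:Company` wrapper are constructed for illustration, and the function name is hypothetical.

```python
import re

# Both tag spellings quoted in the post: <pega:r .../> and <pega:reference .../>
TAG = re.compile(r"<pega:(?:r|reference)\b([^>]*?)/?>", re.IGNORECASE)
ATTR = re.compile(r'([\w:-]+)\s*=\s*"([^"]*)"')


def find_literal_refs(xml_source):
    """Return (line_no, property_name) for each reference with mode "literal".

    Searches the whole text rather than line by line, so a tag whose
    attributes are wrapped across lines is still found.
    """
    hits = []
    for tag in TAG.finditer(xml_source):
        attrs = dict(ATTR.findall(tag.group(1)))
        # Short form uses n= / m=, long form uses name= / mode=
        name = attrs.get("n") or attrs.get("name")
        mode = attrs.get("m") or attrs.get("mode") or ""
        if mode.lower() == "literal":
            line_no = xml_source.count("\n", 0, tag.start()) + 1
            hits.append((line_no, name))
    return hits


# Constructed sample: the two references from the post inside a made-up wrapper,
# plus one long-form literal reference split across two lines.
SAMPLE = """<ns1:Company>
  <ns1:CompanyName><pega:r n=".CompanyName" m="literal"/></ns1:CompanyName>
  <ns1:Notes><pega:reference name=".Notes" mode="normal"/></ns1:Notes>
  <ns1:Address><pega:reference name=".Address"
      mode="Literal"/></ns1:Address>
</ns1:Company>"""

if __name__ == "__main__":
    for line_no, prop in find_literal_refs(SAMPLE):
        print(f"line {line_no}: {prop} is emitted with mode=literal")
```

Each property it reports is one whose value source (user input, external system, or internal constant) needs to be checked before the warning is justified.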