praveenb227 Member since 2012 1 post
Infosys
Posted: 3 years ago
Last activity: 3 years 4 months ago
Closed
Solved

Using "mode=literal" can expose the system to cross site scripting attacks - use with caution.

Hi All,

I have imported an XSD in Pega 7.2.2 for one of our requirements through the Connector and Metadata wizard.

The system automatically created parse rules and XML stream rules. For all the XML stream rules we got severe warnings: "Using "mode=literal" can expose the system to cross site scripting attacks - use with caution."

When I check the mapping, I do not see any mode set to literal; all the modes are shown as standard. But when I check the XML source, the mode is "literal".

Pega 7.2.2:

<pega:r n=".CompanyName" m="literal"/>

In 6.3, if the mapping mode is "Standard", the XML source mode is mapped as "normal".

<ns1:Notes><pega:reference name=".Notes" mode="normal"/>

I can see a difference in the automatically generated XML. Is this a product issue in Pega 7.2.2?

We have justified the warning in the development environment. Will it cause any security issues in production?

Thanks.

Data Integration Security
Moderation Team has archived post
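
An added example, not part of the original post and not Pega tooling: a small Python check that lists every reference tag in exported XML stream source and flags the ones in literal mode, covering both attribute spellings quoted in the post (`n`/`m` and `name`/`mode`). The sample source and the `.Address` property are constructed for illustration.

```python
import re

# The two tag forms quoted in the post: <pega:r .../> and <pega:reference .../>.
# A regex is used instead of an XML parser because rule source fragments
# usually leave the pega: and ns1: prefixes undeclared.
TAG_RE = re.compile(r"<pega:(?:reference|r)\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")

def find_references(source):
    """Return (line_no, property_name, mode) for every reference tag."""
    found = []
    for match in TAG_RE.finditer(source):
        attrs = {name.lower(): (dq or sq)
                 for name, dq, sq in ATTR_RE.findall(match.group(1))}
        prop = attrs.get("name") or attrs.get("n")
        mode = attrs.get("mode") or attrs.get("m")   # None if not stated
        line_no = source.count("\n", 0, match.start()) + 1
        found.append((line_no, prop, mode))
    return found

def literal_references(source):
    """Return (line_no, property_name) for tags whose mode is literal."""
    return [(line, prop) for line, prop, mode in find_references(source)
            if mode is not None and mode.lower() == "literal"]

# Constructed sample: the first two tags mirror the post, the third
# (.Address, single quotes, reversed attribute order) is invented.
SAMPLE = """<ns1:Company>
  <ns1:CompanyName><pega:r n=".CompanyName" m="literal"/></ns1:CompanyName>
  <ns1:Notes><pega:reference name=".Notes" mode="normal"/></ns1:Notes>
  <ns1:Address><pega:reference mode='literal' name=".Address"/></ns1:Address>
</ns1:Company>"""

if __name__ == "__main__":
    for line, prop in literal_references(SAMPLE):
        print(f"line {line}: {prop} is written in literal mode; review its source")
```

Run against the XML source of each generated stream rule, this gives a per-property list to check before a warning is justified, rather than a single rule-level warning.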