Posted to dev@olingo.apache.org by "Premroshan M Nair (JIRA)" <ji...@apache.org> on 2017/05/03 09:13:04 UTC

[jira] [Created] (OLINGO-1116) Output encoding of parameters in Query string

Premroshan M Nair created OLINGO-1116:
-----------------------------------------

             Summary: Output encoding of parameters in Query string
                 Key: OLINGO-1116
                 URL: https://issues.apache.org/jira/browse/OLINGO-1116
             Project: Olingo
          Issue Type: Bug
            Reporter: Premroshan M Nair
         Attachments: response.png

Hi,

Presently we tried some scenarios where we provide an incorrect query string in the service call, e.g. JavaScript code <script>alert()</script> in the $skip parameter. The service returns the raw JavaScript unencoded, which could cause JavaScript injection issues. Kindly advise if there is a way to encode the response in such cases so the response would not lead to any security concerns such as JavaScript injection.

Thanks for your help and support in the matter.

Best regards,
Prem
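
An added example, not part of the original report and not Olingo's own code: one way a service can validate $skip and encode the rejected value for the response context before echoing it in an error body. The class name, helper names and error body shapes are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class SkipParamErrorDemo {
    // $skip must be a non-negative integer; anything else is rejected before use.
    private static final Pattern NON_NEGATIVE_INT = Pattern.compile("\\d{1,9}");

    static int parseSkip(String raw) {
        if (raw == null || !NON_NEGATIVE_INT.matcher(raw).matches()) {
            throw new IllegalArgumentException("invalid $skip");
        }
        return Integer.parseInt(raw);
    }

    // Encode for an XML/HTML text or attribute context.
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Encode for a JSON string. Angle brackets and ampersands are also written
    // as unicode escapes so the body stays inert if a client treats it as HTML.
    static String escapeJson(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            boolean unsafe = c < 0x20 || "\"\\<>&".indexOf(c) >= 0;
            out.append(unsafe ? String.format("\\u%04x", (int) c) : String.valueOf(c));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String raw = "<script>alert()</script>"; // the $skip value from the report
        try {
            parseSkip(raw);
        } catch (IllegalArgumentException e) {
            // Hypothetical error bodies (not Olingo's format), one per content type.
            System.out.println("{\"error\":{\"message\":\"Invalid $skip value: " + escapeJson(raw) + "\"}}");
            System.out.println("<error><message>Invalid $skip value: " + escapeXml(raw) + "</message></error>");
        }
    }
}
```

Sending the error with an explicit Content-Type such as application/json together with X-Content-Type-Options: nosniff keeps browsers from rendering the body as HTML.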


