Posted to dev@olingo.apache.org by "Premroshan M Nair (JIRA)" <ji...@apache.org> on 2017/05/03 09:13:04 UTC
[jira] [Created] (OLINGO-1116) Output encoding of parameters in Query string
Premroshan M Nair created OLINGO-1116:
-----------------------------------------
Summary: Output encoding of parameters in Query string
Key: OLINGO-1116
URL: https://issues.apache.org/jira/browse/OLINGO-1116
Project: Olingo
Issue Type: Bug
Reporter: Premroshan M Nair
Attachments: response.png
Hi,
Presently we tried some scenarios where we provide an incorrect query string in the service call, e.g. JavaScript code <script>alert()</script> in the $skip parameter. The service returns the raw JavaScript unencoded, which could cause JavaScript injection issues. Kindly advise if there is a way to encode the response in such cases so the response would not lead to any security concerns such as JavaScript injection.
Thanks for your help and support in the matter.
Best regards,
Prem
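The behaviour described in the report, next to an encoded form of the same error response, as an added example that is not part of the original message and not Olingo code. The class name, method names and error body layout are hypothetical, and it assumes the error body is markup (XML or HTML) that echoes the rejected $skip value.

```java
// Added example, not Olingo code: all names and the error layout are hypothetical.
public class SkipErrorEncoding {

    // Escape the five characters that are significant in HTML/XML markup.
    static String escapeMarkup(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // $skip must be a non-negative integer; anything else is rejected.
    static boolean isValidSkip(String skip) {
        return skip != null && skip.matches("[0-9]{1,9}");
    }

    // Before: the rejected value is copied into the error body as-is.
    static String rawErrorBody(String skip) {
        return "<error><message>Invalid value for $skip: " + skip
             + "</message></error>";
    }

    // After: the value is encoded for the markup context it lands in.
    static String encodedErrorBody(String skip) {
        return "<error><message>Invalid value for $skip: " + escapeMarkup(skip)
             + "</message></error>";
    }

    public static void main(String[] args) {
        String skip = "<script>alert()</script>"; // value from the report
        if (!isValidSkip(skip)) {
            System.out.println("raw:     " + rawErrorBody(skip));
            System.out.println("encoded: " + encodedErrorBody(skip));
        }
    }
}
```

Serving the error with an explicit non-HTML Content-Type and the `X-Content-Type-Options: nosniff` header adds a second layer, since it stops a browser from rendering the body as HTML.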