Premroshan M Nair created OLINGO-1116:
-----------------------------------------
Summary: Output encoding of parameters in Query string
Key: OLINGO-1116
URL: https://issues.apache.org/jira/browse/OLINGO-1116
Project: Olingo
Issue Type: Bug
Reporter: Premroshan M Nair
Attachments: response.png
Hi,
Presently we tried some scenarios where we provide an incorrect query string in
the service call, e.g. JavaScript code <script>alert()</script> in the $skip
parameter. The service returns the raw JavaScript unencoded, which could cause
JavaScript injection issues. Kindly advise if there is a way to encode the
response in such cases so the response would not lead to any security concerns
such as JavaScript injection.
Thanks for your help and support in the matter.
Best regards,
Prem
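
One way to keep a rejected $skip value inert when it is echoed in an error response, as an added example that is not part of the original report and is not Olingo code. The class, the method names and the error body shape are hypothetical; the sketch assumes a JSON error response.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper for illustration; none of these names come from Olingo.
public class SkipErrorResponse {

    // Escape a value for use inside a JSON string literal. Markup characters
    // and quotes are written as Unicode escapes as well, so the body stays
    // inert even if a client ends up rendering it as HTML.
    static String jsonEscape(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c < 0x20 || c == '"' || c == '\\' || c == '\''
                    || c == '<' || c == '>' || c == '&') {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Headers that stop a browser from interpreting the error body as HTML.
    static Map<String, String> errorHeaders() {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("Content-Type", "application/json; charset=utf-8");
        h.put("X-Content-Type-Options", "nosniff");
        return h;
    }

    // Accept only a non-negative integer for $skip. For anything else, return
    // a 400 error body (constructed shape) with the value echoed in encoded form.
    static String checkSkip(String raw) {
        if (raw != null && raw.matches("[0-9]{1,9}")) {
            return null; // valid value, no error body
        }
        String shown = raw == null ? "" : raw;
        return "{\"error\":{\"code\":\"400\",\"message\":\"Invalid value for $skip: "
                + jsonEscape(shown) + "\"}}";
    }

    public static void main(String[] args) {
        String sample = "<script>alert()</script>"; // value quoted in the report
        System.out.println(errorHeaders());
        System.out.println(checkSkip(sample)); // angle brackets appear only as escapes
        System.out.println(checkSkip("20"));   // null: value accepted
    }
}
```

A JSON parser decodes the escapes back to the original characters, so any client that inserts the message into a page still has to HTML-encode it at that point.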