Defect HC-16266

REST framework lacking cross-site scripting protection for body parameters

Software

Customer case: CS0296382
Applies to: V8.0.4.0
Corrected in: 8.0.4.29

Observed behavior

When local binding is in place, REST services are not properly detecting prohibited characters.

Expected behavior

Body parameters should be checked for prohibited characters, throwing an exception when they are detected.

Resolution

When local bindings were used, the code was not properly checking for prohibited characters. The code was fixed to detect prohibited characters in this case and prevent the problem by throwing an exception.