Defect HC-7770
XSS ProhibCharEncoding rules prevent use of variables
Software
Customer case | Applies to | Corrected in |
---|---|---|
CS0173085 | V8.0.4.23 | 8.0.4.26 |
Observed behavior
The current cross-site scripting protections do not permit commands to support the use of variables.
Expected behavior
The rules specified in ProhibitedChars element do not permit the use of left and right braces { and } to make use of variables in commands.
Resolution
Additional code was added to remove this restriction by directly supporting the use of the parameter markers { and }.