'-->' changes to '-->' inside a text field in CA PPM

Document ID:  TEC1082026
Last Modified Date:  06/19/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA PPM

Releases

  • CA PPM:Release:14.4
  • CA PPM:Release:15.2
  • CA PPM:Release:15.1

Components

  • CLARITY PPM INTEGRATIONS & INSTALLATIONS:PPMENV
Introduction:

When you enter in the text: ‘-->’, for example in the Description field of a project, and click on the Save button, it changes to ‘-->'

Question:

STEPS TO REPRODUCE


1. Go to the Description field in the project and type in:-

-->

2. Click on the ‘Save’ button

Expected Result: to see this ‘-->’

Actual Result: see this ‘-->'

Example.png

Environment:
CA PPM v14.4, 15.2 and 15.3
Answer:

‘-->’ matches one of the XSS Patterns which can cause cross site scripting issue and allowing that cause security issues.
So the expected behavior is to encode ‘-->’ string which is happening in the application currently.


Note : ‘-->’ is a string in 'cmn_option_values’ table for option code ‘CMN.XSS.PATTERNS’ and thus it is being encoded to ‘-->'.
This is not a bug.

Additional Information:

DE34065

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing