Input value is not sent to the service Follow
ServiceManager has Injection protection to the following services: DB, JS and HTML.
ServiceManager checks the value that is sent to the input fields, and if they can be suspected as injection, the sent value is replaced with the service default value.
And you will see in the log the following error:
Input removed due to possible JS/SQL injection: <field_name>, value <value>
For example, on the below log, the Service my_js_service was called, with suspicious_value() value into the input field: Input1_field
In order to resolve that, you can white list the input field Input1_field
You can do that by:
Navigate to Admin tab -> System properties
Search for the following properties:
SQL_INJECTION_WHITELIST_FIELDS=
JS_INJECTION_WHITELIST_FIELDS=
HTML_INJECTION_WHITELIST_FIELDS=
HTML_SERVICES_INJECTION_CHECK = false
Add the field names you want to whitelist to above:
SQL_INJECTION_WHITELIST_FIELDS=Input1_field,Input2_field
JS_INJECTION_WHITELIST_FIELDS=Input3_field,Input4_field
HTML_INJECTION_WHITELIST_FIELDS=Input5_field,Input6_field
HTML_SERVICES_INJECTION_CHECK = false
Comments
0 comments
Please sign in to leave a comment.