
Cross-site scripting and http status 403 error

We are currently using DynamicDSGenerator to create dynamic data sources.

Somehow, the requests to get data sources get blocked by a software called SiteMinder that our customers have.

The error message we got:

"Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags."

We inspected the call and found the request looks like this:

/portal/sc/DataSourceLoader?dataSource=SearchResults_1.1&isc_rpc=1&isc_v=v8.3p_2013-02-14&isc_xhr=1&isc_tnum=4&_transaction=%3Ctransaction%20xmlns%3Axsi%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F10%2FXMLSchema-instance%22%20xsi%3Atype%3D%22xsd%3AObject%22%3E%3CtransactionNum%20xsi%3Atype%3D%22xsd%3Along%22%3E4%3C%2FtransactionNum%3E%3Coperations%20xsi%3Atype%3D%22xsd%3AList%22%3E%3Celem%3E__ISC_NULL__%3C%2Felem%3E%3C%2Foperations%3E%3C%2Ftransaction%3E&protocolVersion=1.0 HTTP/1.1

After URL decoding the URL, it looks like this:

/portal/sc/DataSourceLoader?dataSource=SearchResults_1.1&isc_rpc=1&isc_v=v8.3p_2013-02-14&isc_xhr=1&isc_tnum=4&_transaction=<transaction xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance" xsi:type="xsd:Object"><transactionNum xsi:type="xsd:long">4</transactionNum><operations xsi:type="xsd:List"><elem>__ISC_NULL__</elem></operations></transaction>&protocolVersion=1.0

My question is whether it's possible to not have HTML embedded in the URL since some security software may block that kind of request.
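Added example, not part of the original post: a small diagnostic that decodes each query parameter of the request shown above and reports which ones carry characters that a URL filter of this kind would reject. The blocked character set and the function name flag_params are assumptions for illustration; the real set is whatever the customer's SiteMinder agent is configured with.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: the filter inspects the percent-decoded query string and
# rejects these characters. Adjust to match the deployed agent's settings.
ASSUMED_BLOCKED = frozenset("<>'\"")

# Request target from the post, with the forum's stray spaces removed.
REQUEST_TARGET = (
    "/portal/sc/DataSourceLoader?dataSource=SearchResults_1.1&isc_rpc=1"
    "&isc_v=v8.3p_2013-02-14&isc_xhr=1&isc_tnum=4"
    "&_transaction=%3Ctransaction%20xmlns%3Axsi%3D%22http%3A%2F%2Fwww.w3.org"
    "%2F2000%2F10%2FXMLSchema-instance%22%20xsi%3Atype%3D%22xsd%3AObject%22%3E"
    "%3CtransactionNum%20xsi%3Atype%3D%22xsd%3Along%22%3E4%3C%2FtransactionNum%3E"
    "%3Coperations%20xsi%3Atype%3D%22xsd%3AList%22%3E%3Celem%3E__ISC_NULL__"
    "%3C%2Felem%3E%3C%2Foperations%3E%3C%2Ftransaction%3E&protocolVersion=1.0"
)


def flag_params(target, blocked=ASSUMED_BLOCKED):
    """Map each offending parameter name to the blocked characters it contains.

    parse_qsl percent-decodes names and values, so the check sees the same
    text the filter sees after decoding. Raw (unencoded) characters in the
    query are caught the same way.
    """
    query = urlsplit(target).query
    findings = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        hits = sorted(blocked.intersection(name + value))
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for param, chars in flag_params(REQUEST_TARGET).items():
        print(f"{param}: contains {' '.join(chars)} after decoding")
```

Run against the request from the post, only the _transaction parameter is flagged; the other parameters decode to plain alphanumerics and punctuation outside the assumed set.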
