' --> ' changes to ' --> ' inside a text field in CA PPM

Article Id: 14797

Status: Published

Updated On: 19-08-2020 01:58

Legacy Id: TEC1082026

Products:

Clarity PPM On Premise , Clarity PPM SaaS

Issue/Introduction:

If you enter in the text: ‘-->’, for example in the Description field of a project, and click on the Save button, it changes to ‘-->', why does this happen?

Steps to Reproduce:
1. Go to the Description field in the project and type in the below:

-->

2. Click on the ‘Save’ button

Expected Result: To see this ‘-->’

Actual Result: See this ‘-->'

Sample screenshots below.

Before:

After:

Environment:

Latest Version: 15.8.1

Resolution:

‘-->’ matches one of the XSS Patterns which can cause a cross site scripting issue and allowing this to cause security issues. ‘-->’ is a string in 'cmn_option_values’ table for option code ‘CMN.XSS.PATTERNS’ and thus it is being encoded to ‘-->'.

This has been reported to Product Engineering through DE34065 and determined to be working as expected.

Additional Information:

In the Modern UX, where the capability to export to PDF is present, the following workaround can be used.

Use one of the escape texts below, to obtain an arrow in the PDF:
1. →
2. →

A sample screenshot below.

However, in the text box within the Product, arrows will not be noticeable.

' --> ' changes to ' --&gt; ' inside a text field in CA PPM

' --> ' changes to ' --> ' inside a text field in CA PPM