' --> ' changes to ' --> ' inside a text field in CA PPM

Article Id: 14797
Status: Published
Updated On: 14-02-2018 07:05
Legacy Id: TEC1082026
Products:
CLARITY PPM FOR ITG , CLARITY PPM FEDERAL , CA Project & Portfolio Management SAAS , STARTER PACK-CLARITY PPM
Issue/Introduction:

When you enter in the text: ‘-->’ and click on the Save button, it changes to ‘-->'



If you enter in the text: ‘-->’, for example in the Description field of a project, and click on the Save button, it changes to ‘-->', why does this happen?

 

STEPS TO REPRODUCE


1. Go to the Description field in the project and type in:-

-->

2. Click on the ‘Save’ button

Expected Result: to see this ‘-->’

Actual Result: see this ‘-->'

<Please see attached file for image>

Example.png

Environment:

CA PPM v14.4, 15.2 and 15.3

Resolution:

‘-->’ matches one of the XSS Patterns which can cause a cross site scripting issue and allowing this to cause security issues.

Note : ‘-->’ is a string in 'cmn_option_values’ table for option code ‘CMN.XSS.PATTERNS’ and thus it is being encoded to ‘--&gt;'.
This is not a bug.

Additional Information:

For internal reference only: DE34065

insert_drive_file 1558709558393000014797_sktwi1f5rjvs16ris.png
arrow_downward Download