search cancel

Error Scheduling Recurring Job

book

Article ID: 254299

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

Clarity does not allow scheduling a recurring job when the job name has string pattern 'ALERT (xx)' 

Steps to Reproduce: 

  • Login to Clarity
  • Navigate to Home -> Reports and Jobs -> Jobs -> Available Jobs
  • Select any job
  • Provide the job name as 'Test and ALERT(ONCE A DAY) '
  • Provide the Start Date, Start Time, enable Scheduled option and click on Set Recurrence

Expected Results: Job Recurrence window should open to provide Job corn details

Actual Results: Error 'Unable to Process Request - Server or Network' is displayed

Following error is generated in app-ca.log

ERROR 2022-11-28 16:10:07,788 [https-jsse-nio2-443-exec-240] filter.XSSFilter (clarity:admin:5328470__D6FB3D78-12D1-4136-9701-XXXYY20A1234:none) Bad request. Found XSS injections in URL.uitk.vxml=1&action=nmc.getJobRecurrence&id=-1&start_hour=0&start_minute=0&start_date=11/21/2022&recurrence_type=0&days_of_week=&weekly_months=&weekly_end_date=&days_of_month=&monthly_months=&monthly_end_date=&cron=&job_name=Test%20and%20ALERT%28ONCE%20A%20DAY%29%20&uitk.session.uuid=5yyy6f3a-511d-432b-b789-3xx3b3a1x66z

 

Environment

Release : 16.x and supported versions of Clarity

Cause

This is happening because the job name is matching the following CMN.XSS.PATTERNS in CMN_OPTION_VALUES table.

Pattern:

(alert|eval|expression|prompt|confirm)[\r\n\s]*\((.*?)\)

Resolution

This option restricts the XSS string in the user input if the string matches a pattern in the CMN.XSS.PATTERNS option. This system option applies to the entire Classic PPM application, except the URL attributes and site links. 

Additional Information

XSS: Restriction Option

Attachments