Even with ACO parameter "CSSChecking" is set as "no", target is check for BadCSSChars

book

Article ID: 48691

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

The behaviour of the Webagent changed regarding CSS check and especially for target content starting with R12SP3CR08.

Solution:

$$target$$ is a special form variable because it always contains a URL.

So Webagent scans this variable with the BadCSSChars setting instead of BadFormChars to be consistent with other places where the agent filters URLs.
Other form fields are scanned for Badformchars.

In order to avoid target = "Invalid input" in forms badcsschars should be set to empty or without the chars that causes the problem.

As a result even though csschecking is set to no, target is scanned with badcsschars. In order to avoid target = "Invalid input" in forms badcsschars should be set to empty.

Environment

Release:
Component: SMAPC