Is this normal that URL encoded chars %3C and %3E are blocked by SiteMinder WebAgent if CSSChecking is ON?

book

Article ID: 52422

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

If we defined BadCSSChars as such:

BadCSSCharsĀ = <,>

Is this normal that URL encoded chars (%3C and %3E) are blocked by SiteMinder WebAgent?

Solution:

Yes, this is normal.

Encoded characters are also blocked, even if the encoded value is not specifically defined in the BadCSSChars list. So when you define > in BadCSSChars, the character > and the corresponding encoded character %3E will be blocked by Siteminder WebAgent.



Environment

Release:
Component: SMPLC

Resolution

Please Update This Required Field