Currently in our application the communication between ABAP back-end and UI layer we are using XML format as data exchange between them .
To remove the XSS security vulnerability we are using escape API as mentioned in the link SAP Encoding Functions for AS ABAP - Secure Programming - SAP Library
The sample snippet is shown below
CALL METHOD server->response->set_header_field(
name = if_http_header_fields=>content_type
value = 'text/plain' ).
lv_response = escape( val = lv_response_xml_data format = cl_abap_format=>e_xss_ml ).
"Now Send the actual data
server->response->set_cdata( data = lv_response ).
Now what in UI layer we are using unescape API in JS to retrieve the incoming XML content . But the this is not happening . Can you help me here ?