Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Handle escape xml ( from ABAP ) data in Javascript

Go to solution
MitulAdhia
Advisor
Advisor

‎10-27-2015 11:52 AM

0 Kudos

Hi Colleagues,

Currently in our application the communication between ABAP back-end and UI layer we are using XML format as data exchange between them .

To remove the XSS security vulnerability we are using escape API as mentioned in the link SAP Encoding Functions for AS ABAP - Secure Programming - SAP Library


The sample snippet is shown below


CALL METHOD server->response->set_header_field(

         name  = if_http_header_fields=>content_type

         value = 'text/plain' ).

    lv_response = escape( val = lv_response_xml_data format = cl_abap_format=>e_xss_ml ).

     "Now Send the actual data

     server->response->set_cdata( data = lv_response ).

.


Now what in UI layer we are using unescape API in JS to retrieve the incoming XML content . But the this is not happening . Can you help me here ?


Best Regards,

Mitul

1 ACCEPTED SOLUTION

Go to solution
MitulAdhia
Advisor
Advisor

‎11-03-2015 11:43 AM

0 Kudos

The issue is solved now after using regular expression in UI layer .

1 REPLY 1

Go to solution
MitulAdhia
Advisor
Advisor

‎11-03-2015 11:43 AM

0 Kudos

The issue is solved now after using regular expression in UI layer .