Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Handle escape xml ( from ABAP ) data in Javascript

Hi Colleagues,

Currently in our application the communication between ABAP back-end and UI layer we are using XML format as data exchange between them .

To remove the XSS security vulnerability we are using escape API as mentioned in the link SAP Encoding Functions for AS ABAP - Secure Programming - SAP Library


The sample snippet is shown below


CALL METHOD server->response->set_header_field(

         name  = if_http_header_fields=>content_type

         value = 'text/plain' ).

    lv_response = escape( val = lv_response_xml_data format = cl_abap_format=>e_xss_ml ).

     "Now Send the actual data

     server->response->set_cdata( data = lv_response ).

.


Now what in UI layer we are using unescape API in JS to retrieve the incoming XML content . But the this is not happening . Can you help me here ?


Best Regards,

Mitul

Tags:
Former Member

Helpful Answer

by
Not what you were looking for? View more on this topic or Ask a question