' --> ' changes to ' --> ' inside a text field in CA PPM

Document ID : KB000014797
Last Modified Date : 14/02/2018
Introduction:

When you enter the text ‘-->’ and click the Save button, it changes to ‘-->’.

Question:

If you enter the text ‘-->’, for example in the Description field of a project, and click the Save button, it changes to ‘-->’. Why does this happen?

 

STEPS TO REPRODUCE


1. Go to the Description field in the project and type in:

-->

2. Click on the ‘Save’ button

Expected Result: see this ‘-->’

Actual Result: see this ‘-->’


Environment:
CA PPM v14.4, 15.2 and 15.3
Answer:

‘-->’ matches one of the XSS patterns that can cause a cross-site scripting issue, and allowing it through unencoded could cause security issues.

Note: ‘-->’ is a string in the ‘cmn_option_values’ table for option code ‘CMN.XSS.PATTERNS’, and thus it is encoded to ‘-->’.
This is not a bug.
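
The behaviour described in the answer, sketched as an added example (not CA PPM's own code): a save handler that entity-encodes only the substrings matching a configured pattern list. The function names, every pattern other than `-->`, and the use of HTML entity encoding are assumptions made for illustration.

```python
import html
import re

# Constructed list standing in for the CMN.XSS.PATTERNS option values.
# Only "-->" comes from the article; the other entries are illustrative.
XSS_PATTERNS = ["-->", "<!--", "<script", "</script"]


def build_matcher(patterns):
    """Compile one case-insensitive regex, longest pattern first, so that
    overlapping entries resolve to the longest match."""
    ordered = sorted(set(patterns), key=len, reverse=True)
    return re.compile("|".join(re.escape(p) for p in ordered), re.IGNORECASE)


def encode_on_save(text, patterns=XSS_PATTERNS):
    """Entity-encode only the substrings that match a configured pattern.

    Returns (stored_value, matched_substrings). Text that matches no
    pattern is stored unchanged, including a lone '<' or '>'.
    """
    hits = []

    def _encode(match):
        hits.append(match.group(0))
        return html.escape(match.group(0), quote=True)

    stored = build_matcher(patterns).sub(_encode, text)
    return stored, hits


def render_as_html(stored):
    """What a browser displays when the stored value is emitted as HTML text."""
    return html.unescape(stored)


if __name__ == "__main__":
    # Constructed sample field values.
    for value in ["Phase 1 --> Phase 2", "budget > 1000", "<SCRIPT>x</script>"]:
        stored, hits = encode_on_save(value)
        print(f"input={value!r} stored={stored!r} matched={hits}")
```

A field that prints the stored value without decoding it shows the entity form, which is the changed text the user sees after Save.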

Additional Information:

For internal reference only: DE34065