漏洞
The applyEdits call does not automatically add a backslash when an attribute value contains HTML content such as URL parameters.
| 漏洞 ID 编号 | BUG-000174793 |
|---|---|
| 已提交 | March 5, 2025 |
| 上次修改时间 | July 31, 2025 |
| 适用范围 | ArcGIS Online |
| 找到的版本 | Feb 2025 |
| 操作系统 | Windows OS |
| 操作系统版本 | 10.0 64 Bit |
| 修正版本 | Planned Release Date: Q2 2025 |
| 状态 | Fixed |
附加信息
This issue relates to the allowlist of custom URI schemes supported on the platform. The current implementation includes standard protocols (http, https, mailto, tel) as well as ArcGIS-specific deep linking schemes (arcgis-navigator, arcgis-survey123, arcgis-collector, etc.) that enable integration with Esri mobile applications. Additional schemes have been added to support business partner applications and user-requested functionality.解决办法
Manually add a backslash (\) at the start and end of the URL within the href attribute tag. For example: <a href="\https://www.<domain>.com\">Link</a>
Alternatively, encode the URL.
重现步骤
漏洞 ID: BUG-000174793
软件:
- ArcGIS Online
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序