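| Bug ID Number | BUG-000159969 |
| Submitted | July 19, 2023 |
| Last Modified | June 5, 2024 |
| Applies To | Portal for ArcGIS |
| Version Found | 11.1 |
| Operating System | Windows Server |
| Operating System Version | N/A |
| Status | Will Not Be Addressed. The development team has considered the issue or request and decided that it will not be addressed. The issue's "Additional Information" section may contain further explanation. |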
Additional Information
The matter at hand concerns a character that requires careful handling: the '&' symbol. It undergoes conversion for several important reasons:
Preventing HTML Entity Injection: By converting the '&', the risk of HTML entity injection is reduced. This is crucial for maintaining the integrity and security of our web content.
Ensuring JavaScript stability: Correct handling of the ampersand is essential to avoiding issues with JavaScript. Incorrect use can lead to unexpected behavior or script failures, and this approach safeguards against those scenarios.
Mitigating harmful query parameters: The conversion also plays a role in thwarting the injection of malicious or harmful query parameters. This proactive measure helps maintain the reliability of data handling.
This may cause some inconvenience. These sanitization rules are in place to provide a secure environment for all users. Your understanding and cooperation in this matter are greatly appreciated.
Workaround
There is no workaround other than manually deleting from the link the 'amp' letters that the system adds automatically.
Steps to Reproduce