漏洞
The Survey123 for ArcGIS field app fails to pass values to another survey via a custom URL if the field values contain quotes or ampersand (&).
| 漏洞 ID 编号 | BUG-000120041 |
|---|---|
| 已提交 | February 13, 2019 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS Survey123 |
| 找到的版本 | 3.2 |
| 操作系统 | N/A |
| 操作系统版本 | N/A |
| 状态 | Will Not Be Addressed |
附加信息
This issue is caused by the URL not being encoded correctly; ampersands and other special characters must be percent-encoded (refer to https://tools.ietf.org/html/rfc3986#section-2.1 or https://en.wikipedia.org/wiki/Percent-encoding). There is no function to encode values within the XLSForm specification, and detecting when a link is present automatically is difficult due to the number of ways links can be generated. A workaround is available by using custom JavaScript functions (refer to https://doc.arcgis.com/en/survey123/desktop/create-surveys/pulldatajavascript.htm). The following function will return encoded text: ```javascript function encode(inText) { return (inText == undefined) ? "" : encodeURIComponent(inText); } ```重现步骤
漏洞 ID: BUG-000120041
软件:
- ArcGIS Survey123
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序