漏洞
The 'target ='_blank'' HTML tag is ignored in geoprocessing services when embedding in web applications created in ArcGIS Online.
| 漏洞 ID 编号 | BUG-000140757 |
|---|---|
| 已提交 | June 16, 2021 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS Online |
| 找到的版本 | 9.1 |
| 操作系统 | Windows OS |
| 操作系统版本 | 10.0 64 Bit |
| 状态 | Will Not Be Addressed |
附加信息
This issue is by-design for security issues.解决办法
- The output of the geoprocessing tool is of type GPString and the tool generates an HTML element <a> directly.
- To keep out the malicious code, string content is sanitized before displaying on the page and the target=‘_blank’ is removed.
- Open a new tab to show the output PDF file, change the output type of the geoprocessing tool from GPString to GPDataFile.
- Thus, ArcGIS Web AppBuilder will generate an HTML element <a target=“_blank”>.
- If the output type is GPDataFile, the users do not need to generate the URL parameter.
- Set the output file path as the value of GPDataFile. The geoprocessing service will create a URL for it. The print service is a good example, refer to the following link, http://sampleserver6.arcgisonline.com/arcgis/rest/services/Utilities/PrintingTools/GPServer/Export%20Web%20Map%20Task for more information.
重现步骤
漏洞 ID: BUG-000140757
软件:
- ArcGIS Online
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序