SR-D21803 · Issue 502130
Cross-site scripting protection added for embedded portal URI
Resolved in Pega Version 8.2.4
The URI used in the top window of embedded portals has been encoded to prevent DOM based cross-site scripting.
SR-D29485 · Issue 503511
Enhancement added to modify URL encryption for load testing
Resolved in Pega Version 8.2.4
An enhancement has been added which allows conditionally modifying URL encryption for load testing. This uses the flag crypto/useportablecipherforurlencryption: if true, a portable hardcoded key is used to encrypt the URLs and if false, a dynamically generated key per thread/requestor is used to encrypt the URL.
SR-D38581 · Issue 504775
Removed unnecessary cross-site scripting filtering on paragraph rule
Resolved in Pega Version 8.2.4
When a link was set in a paragraph rule, the target option was removed in the returned layout structure. This was traced to unnecessary XSS filtering which has now been removed.