SR-B45056 · Issue 328736
XSS filtering added to getClassOfPageReference
Resolved in Pega Version 7.4
XSS filtering has been added to the URL produced when using getClassOfPageReference.
SR-B45056 · Issue 330368
XSS filtering added to getClassOfPageReference
Resolved in Pega Version 7.4
XSS filtering has been added to the URL produced when using getClassOfPageReference.
SR-B89114 · Issue 339165
XSS filtering added to ImportSpecExcel
Resolved in Pega Version 7.4
The control 'pzImportSpecExcel' has been modified to secure the property pyImportFileName with XSS filtering.
SR-B95798 · Issue 344526
XSS filtering added to GetTour
Resolved in Pega Version 7.4
Cross-site scripting (XSS) filtering has been added to Java step 7 of pxGetTour, which prepares JSON.
SR-C1787 · Issue 346038
XSS filtering added for insHandle
Resolved in Pega Version 7.4
XSS filtering has been added for the inshandle parameter in the downloadFile activity.
SR-C47022 · Issue 388398
XSS protection added to topHarness query string
Resolved in Pega Version 8.1
When the topHarness query string parameter was supplied with a request to Pega, its contents were written to the HTML stream without HTML encoding, creating a cross-site scripting (XSS) vulnerability. To improve security, the "topHarness" value is now encoded using the com.pega.pegarules.pub.util.StringUtils.crossScriptingFilter API in pzClientDynamicData.
SR-C9139 · Issue 352594
XSS filtering added to searched filter values
Resolved in Pega Version 8.1
ListViewHeader has been updated to apply XSS filtering to searched filter values.