Hi Nadun,

You may try to encode the characters at the UI level as in [1]. Encode
the required parameters using *Encode.forHtmlContent* or a suitable
encoding type.

For more information about output encoding, follow the Secure Engineering
Guideline [2]. This might help to resolve the issue.

[1]
https://github.com/wso2/carbon-analytics-common/blob/v5.1.21/components/template-manager/org.wso2.carbon.event.template.manager.ui/src/main/resources/web/template-manager/template_configurations_ajaxprocessor.jsp#L305
[2]
https://wso2.com/technical-reports/wso2-secure-engineering-guidelines#A23

Thanks,
Nadeeshani.

On Wed, Feb 14, 2018 at 2:09 PM, Nadun De Silva <nad...@wso2.com> wrote:

> Hi,
>
> I am working on a notifications system for the password rotation policy
> authenticator in IS Analytics (C4) [1]. I am trying to set the email body
> (of type text/html) of the email event publisher using the template manager.
>
> However, *I get this error* when I try to do this. (There are no logs
> shown in the console)
>
>
> *The value entered:*
>
> Hi {{username}},<br><br>Your password for the account in WSO2 Identity
> Server had expired. Your account details are as follows.<br><br>Username :
> {{username}}<br>UserStoreDomain : {{userStoreDomain}}<br>Email Address :
> {{email}}<br><br>Please login and change your password.<br><br>Thank
> you!<br><br>Regards,<br>WSO2 IS<br>
>
>
> After debugging I found out that this is because "<" and ">" characters
> don't get encoded [2] from the UI and because of that the Apache Axiom
> library [3] used for parsing throws an error because of this. (Please
> correct me if I am wrong)
>
> Is there a workaround for this? If not, shouldn't we support this?
>
> Thank you!
>
> Regards,
> Nadun De Silva
>
> [1] mail : [Architecture] Password Rotation Policy Authenticator
> [2] https://github.com/wso2/carbon-analytics-common/blob/v5.1.21/components/template-manager/org.wso2.carbon.event.template.manager.ui/src/main/resources/web/template-manager/template_configurations_ajaxprocessor.jsp#L312
> [3] https://ws.apache.org/axiom/
>
> --
> *Nadun De Silva*
> Software Engineer | WSO2
>
> Email: nad...@wso2.com
> Mobile: +94778222607
> Web: http://wso2.com
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Pathirennehelage Nadeeshani
Software Engineer | WSO2 Inc.
Platform Security Team
mobile : +94 716545223
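
Added example, not part of the original thread and not WSO2 code: it shows why the raw email body breaks XML parsing and how Encode.forHtmlContent (OWASP Java Encoder, assumed to be on the classpath) lets the same value through intact. The `<property>` wrapper element is hypothetical, the JDK DOM parser stands in for Apache Axiom, and the body is a shortened copy of the value from the question.

```java
import org.owasp.encoder.Encode; // org.owasp.encoder:encoder (assumed available)
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.StringReader;

public class TemplateValueEncodingDemo {

    // Hypothetical wrapper: the real template manager payload is not shown in the thread.
    static String wrap(String value) {
        return "<property name=\"emailBody\">" + value + "</property>";
    }

    // Parse the payload and return the text content the server side would see.
    static String parseAndReadBack(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // DOCTYPE declarations are not needed here, so refuse them outright.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Shortened copy of the email body from the question.
        String body = "Hi {{username}},<br><br>Please login and change your password.<br>";

        // 1) Unencoded: each <br> is read as an unclosed XML element, so parsing fails.
        try {
            parseAndReadBack(wrap(body));
            System.out.println("raw value parsed");
        } catch (SAXException e) {
            System.out.println("raw value rejected: " + e.getMessage());
        }

        // 2) Encoded: '<', '>' and '&' become entities, so the payload is well-formed
        //    and the parser hands back the original markup unchanged.
        String encoded = Encode.forHtmlContent(body);
        String roundTrip = parseAndReadBack(wrap(encoded));
        System.out.println("encoded value: " + encoded);
        System.out.println("round trip intact: " + body.equals(roundTrip));
    }
}
```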