
Security aspects are mostly dominated by the questions of how single sign-on works, how ICF nodes are activated, and how to prevent cross-site scripting attacks. This section collects all relevant links to the different topics.

(Highly) Recommended SAP Notes

Logon Handling in the Web

General Links to Security Topics

BSP Page and HTMLB Rendering Support

  • BSP page directive <%@page forceEncode="html"%> to automatically HTML encode all <%=...%> statements
  • BSP page directive <%@page forceEncodeOtr="html"%> to automatically HTML encode all OTR output (translated texts in other languages can break rendered HTML)
  • <htmlb:content forceEncode="enabled"> to HTML encode all attributes/values during rendering
  • <htmlb:content level2Check="true"> to check whether incoming model attributes were actually part of the previous outgoing response and may be updated.
  • See the encoding functions on class CL_HTTP_UTILITY.