
Security aspects are mostly dominated by the questions of how single sign-on works, how ICF nodes are activated, and how to prevent cross-site scripting attacks. This section collects all relevant links to the different topics.

(Highly) Recommended SAP Notes

Logon Handling in the Web

General Links to Security Topics

BSP Page and HTMLB Rendering Support

  • BSP page directive <%@page forceEncode="html"%> to automatically HTML encode all <%=...%> statements
  • BSP page directive <%@page forceEncodeOtr="html"%> to automatically HTML encode all OTR output (translated texts in other languages can break rendered HTML)
  • <htmlb:content forceEncode="enabled"> to HTML encode all attributes/values during rendering
  • <htmlb:content level2Check="true"> to check whether incoming model attributes were actually part of the previous outgoing response and may be updated.
  • See encoding functions on class CL_HTTP_UTILITY.