Handle XSS Encoding
Recent software updates for various SAP software components introduced encoding of http responses in order to prevent cross-site scripting (XSS). The changes are documented for example in SAP Notes 1601461 and 1714836.
EEM was enhanced to cope with this XSS encoded http responses and to still automatically parameterize scripts. However, this feature is currently not active by default. This page describes how to use it.
The feature is controlled via the configuration parameter
http.decodeResponse. By default the parameter is set to
false, which corresponds to the old behavior. To fully use this feature set the parameter for a script and reparameterize it.
Procedure in Detail
- In the EEM Editor, import a script as usual and open it. During import the initial parameterization takes place already.
- Open the script configuration. On page Advanced -> Parameters and add the parameter
http.decodeResponsewith the value
true. Click ok to confirm.
- In the EEM Navigator, right click on the script and choose Reparameterize. If some responses are XSS encoded the result will be that additional searches and variables are added to the script.
This improvement is available as of Solution Manager 7.1 SP06 and will be provided as patch for previous Service Packs: SP05 P1, SP04 P5, SP03 P4.