We have XML treat protection policy in proxy with following configuration -
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <XMLThreatProtection async="false" continueOnError="false" enabled="true" name="XTP-XMLRequestTreatProtect"> <DisplayName>XTP-XMLRequestTreatProtect</DisplayName> <Properties/> <NameLimits> <Element>50</Element> <Attribute>50</Attribute> <NamespacePrefix>50</NamespacePrefix> <ProcessingInstructionTarget>50</ProcessingInstructionTarget> </NameLimits> <Source>request</Source> <StructureLimits> <NodeDepth>10</NodeDepth> <AttributeCountPerElement>100</AttributeCountPerElement> <NamespaceCountPerElement>10</NamespaceCountPerElement> <ChildCount includeComment="false" includeElement="true" includeProcessingInstruction="true" includeText="true">500</ChildCount> </StructureLimits> <ValueLimits> <Text>500</Text> <Attribute>500</Attribute> <NamespaceURI>100</NamespaceURI> <Comment>-1</Comment> <ProcessingInstructionData>100</ProcessingInstructionData> </ValueLimits> </XMLThreatProtection>
It throws error when xml tag has value ampersand ('&'). For example consider following xml payload
<root> <msg>City & Village</msg> </root>
This policy fails with below error -
{"fault":{"faultstring":"XMLThreatProtection stepDefinition XTP-XMLRequestTreatProtect: Execution failed. reason: Unknown entity at line 2(possibly around char 19)","detail":{"errorcode":"steps.xmlthreatprotection.ExecutionFailed"}}}
How to allow '&' in tag value?
Hi @Sujnana Rai, some characters should be escaped in XML.
The ampersand(&) is not a valid character in XML and must be replaced with an entity reference like, & amp;
& amp; <-----(please see that there should not be a whitespace between & and a)
Please give it a try & if you face any issue, post here.
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |