XML threat protection policy is failing for ampersand ('&') in tag value

We have an XML threat protection policy in the proxy with the following configuration:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<XMLThreatProtection async="false" continueOnError="false" enabled="true" name="XTP-XMLRequestTreatProtect">
    <DisplayName>XTP-XMLRequestTreatProtect</DisplayName>
    <Properties/>
    <NameLimits>
        <Element>50</Element>
        <Attribute>50</Attribute>
        <NamespacePrefix>50</NamespacePrefix>
        <ProcessingInstructionTarget>50</ProcessingInstructionTarget>
    </NameLimits>
    <Source>request</Source>
    <StructureLimits>
        <NodeDepth>10</NodeDepth>
        <AttributeCountPerElement>100</AttributeCountPerElement>
        <NamespaceCountPerElement>10</NamespaceCountPerElement>
        <ChildCount includeComment="false" includeElement="true" includeProcessingInstruction="true" includeText="true">500</ChildCount>
    </StructureLimits>
    <ValueLimits>
        <Text>500</Text>
        <Attribute>500</Attribute>
        <NamespaceURI>100</NamespaceURI>
        <Comment>-1</Comment>
        <ProcessingInstructionData>100</ProcessingInstructionData>
    </ValueLimits>
</XMLThreatProtection>

It throws an error when an XML tag value contains an ampersand ('&'). For example, consider the following XML payload:

<root>
	<msg>City & Village</msg>
</root>

This policy fails with the error below:

{"fault":{"faultstring":"XMLThreatProtection stepDefinition XTP-XMLRequestTreatProtect: Execution failed. reason: Unknown entity at line 2(possibly  around char 19)","detail":{"errorcode":"steps.xmlthreatprotection.ExecutionFailed"}}}

How can we allow '&' in a tag value?


Hi @Sujnana Rai, some characters should be escaped in XML.

The ampersand (&) is not a valid character in XML and must be replaced with an entity reference like & amp;

& amp;       <-----(please see that there should not be a whitespace between & and a)

Please give it a try & if you face any issue, post here.
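
Added example, not part of the original thread: a client-side Python sketch showing that the payload from the question is rejected by any conforming XML parser at line 2, and two ways for the sender to produce a well-formed request before it reaches the proxy. The function names are hypothetical, and the sample payload is constructed from the one in the question.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: the payload from the question, with a bare '&'.
BAD_PAYLOAD = "<root>\n\t<msg>City & Village</msg>\n</root>"


def check_well_formed(payload):
    """Return (True, None) if the payload parses, else (False, (line, column))."""
    try:
        ET.fromstring(payload)  # constructed input only; not a hardened parser
        return True, None
    except ET.ParseError as exc:
        return False, exc.position


def build_with_serializer(msg):
    """Let the XML serializer escape reserved characters in text nodes."""
    root = ET.Element("root")
    ET.SubElement(root, "msg").text = msg
    return ET.tostring(root, encoding="unicode")


def build_with_template(msg):
    """If the payload is assembled from strings, escape the value first."""
    return "<root><msg>%s</msg></root>" % escape(msg)


def read_msg(payload):
    """Parse the payload and return the decoded text of <msg>."""
    return ET.fromstring(payload).findtext("msg")


if __name__ == "__main__":
    print(check_well_formed(BAD_PAYLOAD))
    for build in (build_with_serializer, build_with_template):
        fixed = build("City & Village")
        print(fixed, check_well_formed(fixed), read_msg(fixed))
```

The backend still receives the literal text "City & Village" after parsing; only the wire form changes.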