
SAP STRING FUNCTION ESC XSS ABEXA documentation, setup help and example usage






String Functions, escape for XSS
This example demonstrates the string function escape for preventing XSS.

A search term can be entered in a dialog box. An output window provides a search function in the ABAP keyword documentation and with an external search engine. By default, the input is escaped using the function escape and the format cl_abap_format=>e_xss_ml. This prevents cross site scripting (XSS).
The function can be disabled for specific input, which demonstrates the effects of an XSS attack. The input makes the links on the output window and the following input field unusable. More harmful functions could be used instead of the JavaScript function alert, but are not permitted in this example.
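The following is an added example, not the SAP demo program's source: it builds the same kind of search link once with the raw term and once with the term escaped for its output context. The report name, the sample term and the search.example URL are constructed, the use of cl_abap_format=>e_xss_url for the URL part goes beyond the format named above, and the inline declarations assume ABAP 7.40 or later.

```abap
REPORT z_escape_xss_demo.

" Constructed sample input: a search term that carries markup and script.
DATA(query) = `ABAP</a><script>alert('XSS')</script>`.

" Escape once per output context, immediately before the value is output.
" e_xss_ml : value placed in HTML/XML markup (the format named on this page).
" e_xss_url: value placed in a URL (assumption, not mentioned on this page).
DATA(query_ml)  = escape( val    = query
                          format = cl_abap_format=>e_xss_ml ).
DATA(query_url) = escape( val    = query
                          format = cl_abap_format=>e_xss_url ).

" Escaping disabled: the term is concatenated into the markup as entered,
" so its tags become part of the page structure.
DATA(html_raw) =
  `<a href="https://search.example/?q=` && query && `">` &&
  query && `</a>`.

" Escaping enabled: each occurrence uses the format of its own context.
DATA(html_escaped) =
  `<a href="https://search.example/?q=` && query_url && `">` &&
  query_ml && `</a>`.

" The raw fragment still contains a script tag, the escaped one does not.
ASSERT html_raw     CS `<script>`.
ASSERT html_escaped NS `<script>`.

" Show both fragments as text for comparison.
cl_demo_output=>write( html_raw ).
cl_demo_output=>write( html_escaped ).
cl_demo_output=>display( ).
```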
Documentation extract taken from SAP system, © Copyright SAP AG. All rights reserved







