String Functions, escape for XSS
This example demonstrates the string function
escape for preventing XSS.
A search term can be entered in a dialog box. An output window then offers
searches for that term in the ABAP keyword documentation and with an external
search engine. By default, the input is escaped using the function
escape and the format cl_abap_format=>e_xss_ml. This prevents
cross-site scripting (XSS).
The function can be disabled for specific input, which demonstrates the
effects of an XSS attack. The input makes the links on the output
window and the following input field unusable. More harmful functions
could be used instead of the JavaScript function alert,
but are not permitted in this example.
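
The following report is an added example, not the source code of the SAP demo program described above. It builds the same kind of output (the search term echoed as text and placed in a link) once without and once with escape, so the difference in the generated markup is visible. The report name, the class demo, the sample input and the URL https://search.example are assumptions made for the illustration, and the use of cl_abap_format=>e_xss_url for the link parameter goes beyond the e_xss_ml format named in the text.

```abap
REPORT z_demo_escape_xss. " hypothetical report name

CLASS demo DEFINITION.
  PUBLIC SECTION.
    CLASS-METHODS build_result
      IMPORTING term        TYPE string
                do_escape   TYPE abap_bool DEFAULT abap_true
      RETURNING VALUE(html) TYPE string.
ENDCLASS.

CLASS demo IMPLEMENTATION.
  METHOD build_result.
    DATA(text)  = term.
    DATA(param) = term.
    IF do_escape = abap_true.
      " Markup context: the term is shown as text inside the page.
      text  = escape( val = term format = cl_abap_format=>e_xss_ml ).
      " URL context: the term becomes a query parameter of a link.
      param = escape( val = term format = cl_abap_format=>e_xss_url ).
    ENDIF.
    " https://search.example is a placeholder, not a real search engine.
    html = |<p>Results for: { text }</p>| &&
           |<a href="https://search.example/?q={ param }">Search the web</a>|.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  " Constructed sample input that contains markup instead of a plain term.
  DATA(term) = `<script>alert( 'XSS' )</script>`.

  DATA(unsafe) = demo=>build_result( term = term do_escape = abap_false ).
  DATA(safe)   = demo=>build_result( term = term ).

  " Without escaping, the script tag reaches the output unchanged.
  ASSERT find( val = unsafe sub = `<script>` ) > -1.
  " With escaping, no script tag survives in either context.
  ASSERT find( val = safe sub = `<script>` ) = -1.

  " Show both generated markup strings for comparison.
  cl_demo_output=>write( unsafe ).
  cl_demo_output=>write( safe ).
  cl_demo_output=>display( ).
```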
Documentation extract taken from SAP system, © Copyright SAP AG. All rights reserved