Support Article
Refresh-CurrentHarness sends & in parameters of pre-activity
SA-27082
Summary
A button is configured to run a activity (this activity has params) and then refresh the harness. When the button is clicked, the activity params are not being passed in the http request generated.
For example: param if 'P1' is being past as 'ampP1;' Pega monitors semicolon in http requests for potential security attacks but a forbidden error page is send to client browser.
Error Messages
Forbidden errorr screen as below,
![](https://gcsprdsa.lab.pega.com/articles/datacontent/Image/rteImages/UserUpload_14768885106571476888510775.png)
Steps to Reproduce
![](https://gcsprdsa.lab.pega.com/articles/datacontent/Image/rteImages/UserUpload_14768885462111476888546350.png)
(Configure a button as above)
![](https://gcsprdsa.lab.pega.com/articles/datacontent/Image/rteImages/UserUpload_14768886828381476888683160.png)
(First click the button we have designed)
![](https://gcsprdsa.lab.pega.com/articles/datacontent/Image/rteImages/UserUpload_14768890405721476889041325.png)
(Then click on browser refresh button)
![](https://gcsprdsa.lab.pega.com/articles/datacontent/Image/rteImages/UserUpload_14768886189131476888619379.png)
(Then observe in fiddler that params are wrongly passed)
Root Cause
A defect in Pegasystems’ code or rules. Browser refresh is sending & in the parameter names for activity parameters. This is because docsRecreateInfoJSON not being parsed properly.
Resolution
Apply HFix-29066
Published October 28, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.