Support Article

Refresh-CurrentHarness sends & in parameters of pre-activity



A button is configured to run a activity (this activity has params) and then refresh the harness. When the button is clicked, the activity params are not being passed in the http request generated.

For example:  param if 'P1' is being past as 'ampP1;' Pega monitors semicolon in http requests for potential security attacks but a forbidden error page is send to client browser.

Error Messages

Forbidden errorr screen as below,

Steps to Reproduce

(Configure a button as above)

(First click the button we have designed)

(Then click on browser refresh button)

(Then observe in fiddler that params are wrongly passed)

Root Cause

A defect in Pegasystems’ code or rules. Browser refresh is sending & in the parameter names for activity parameters. This is because docsRecreateInfoJSON not being parsed properly.


Apply HFix-29066

Published August 22, 2016 - Updated October 27, 2016

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.