Refresh-CurrentHarness sends & in parameters of pre-activity
A button is configured to run a activity (this activity has params) and then refresh the harness. When the button is clicked, the activity params are not being passed in the http request generated.
For example: param if 'P1' is being past as 'ampP1;' Pega monitors semicolon in http requests for potential security attacks but a forbidden error page is send to client browser.
Error MessagesForbidden errorr screen as below,
Steps to Reproduce
(Configure a button as above)
(First click the button we have designed)
(Then click on browser refresh button)
(Then observe in fiddler that params are wrongly passed)
Root CauseA defect in Pegasystems’ code or rules.
Browser refresh is sending & in the parameter names for activity parameters. This is because docsRecreateInfoJSON not being parsed properly.
Published August 22, 2016 - Updated October 27, 2016