Support Article
Refresh-CurrentHarness sends & in parameters of pre-activity
SA-27082
Summary
A button is configured to run a activity (this activity has params) and then refresh the harness. When the button is clicked, the activity params are not being passed in the http request generated.
For example: param if 'P1' is being past as 'ampP1;' Pega monitors semicolon in http requests for potential security attacks but a forbidden error page is send to client browser.
Error Messages
Forbidden errorr screen as below,
Steps to Reproduce
(Configure a button as above)
(First click the button we have designed)
(Then click on browser refresh button)
(Then observe in fiddler that params are wrongly passed)
Root Cause
A defect in Pegasystems’ code or rules. Browser refresh is sending & in the parameter names for activity parameters. This is because docsRecreateInfoJSON not being parsed properly.
Resolution
Apply HFix-29066
Published October 28, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.