https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/html-popup-response-security/m-p/427695#M2055 <HTML><HEAD></HEAD><BODY><SPAN>Mark, </SPAN><BR /><BR /><SPAN>Thank you for this post. The HTML popup is configured by the author of a map in ArcMap. Is the concern here that someone could add malicous content in the HTML </SPAN><BR /><SPAN>Popup configured for a map/layer that they are publishing on their own server?</SPAN><BR /><BR /><SPAN>If you have a specific case that you would like to be addressed, you can report it to ESRI Support and we can look into this immediately.</SPAN><BR /><BR /><SPAN>thanks</SPAN><BR /><SPAN>Ravi</SPAN></BODY></HTML> Mon, 26 Sep 2011 23:07:38 GMT RaviNarayanan 2011-09-26T23:07:38Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/html-popup-response-security/m-p/427694#M2054 <HTML><HEAD></HEAD><BODY><SPAN>The REST API has a definition for an HTML Popup in a feature layer (</SPAN><A href="http://localhost:6080/arcgis/sdk/rest/ms-htmlPopup.html">http://localhost:6080/arcgis/sdk/rest/ms-htmlPopup.html</A><SPAN>). So the response includes HTML within the JSON. Could that be a security risk as it seems like a way to inject dodgy JavaScript into the response. What do you guys think?</SPAN><BR /><BR /><SPAN>Mark</SPAN></BODY></HTML> Fri, 23 Sep 2011 10:12:22 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/html-popup-response-security/m-p/427694#M2054 MarkCorbin 2011-09-23T10:12:22Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/html-popup-response-security/m-p/427695#M2055 <HTML><HEAD></HEAD><BODY><SPAN>Mark, </SPAN><BR /><BR /><SPAN>Thank you for this post. The HTML popup is configured by the author of a map in ArcMap. Is the concern here that someone could add malicous content in the HTML </SPAN><BR /><SPAN>Popup configured for a map/layer that they are publishing on their own server?</SPAN><BR /><BR /><SPAN>If you have a specific case that you would like to be addressed, you can report it to ESRI Support and we can look into this immediately.</SPAN><BR /><BR /><SPAN>thanks</SPAN><BR /><SPAN>Ravi</SPAN></BODY></HTML> Mon, 26 Sep 2011 23:07:38 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/html-popup-response-security/m-p/427695#M2055 RaviNarayanan 2011-09-26T23:07:38Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/html-popup-response-security/m-p/427696#M2056 <HTML><HEAD></HEAD><BODY><SPAN>Thanks for your response Ravi. From what you describe it doesn't seem as though it will be a problem.</SPAN></BODY></HTML> Wed, 28 Sep 2011 14:57:59 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/html-popup-response-security/m-p/427696#M2056 MarkCorbin 2011-09-28T14:57:59Z