Community
Select to view content in your preferred language

HTML popup response security

603
2
09-23-2011 03:12 AM
MarkCorbin
by
Occasional Contributor
‎09-23-2011 03:12 AM
The REST API has a definition for an HTML Popup in a feature layer (http://localhost:6080/arcgis/sdk/rest/ms-htmlPopup.html). So the response includes HTML within the JSON. Could that be a security risk as it seems like a way to inject dodgy JavaScript into the response. What do you guys think?

Mark
0 Kudos
2 Replies
RaviNarayanan
by Esri Contributor
Esri Contributor
‎09-26-2011 04:07 PM
Mark,

Thank you for this post. The HTML popup is configured by the author of a map in ArcMap. Is the concern here that someone could add malicous content in the HTML
Popup configured for a map/layer that they are publishing on their own server?

If you have a specific case that you would like to be addressed, you can report it to ESRI Support and we can look into this immediately.

thanks
Ravi
0 Kudos
MarkCorbin
by
Occasional Contributor
‎09-28-2011 07:57 AM
Thanks for your response Ravi. From what you describe it doesn't seem as though it will be a problem.
0 Kudos