We want to restrict this pattern on outsystem
Appreciate your help and support on this.
for pattern "><img%20src=x%20onerror=prompt(1);>
You need to explain your problem.
Why are you sending encoded HTML in the URL? Was that an attempt of code injection?
@Nuno Reis : This error appears when the environment is accessed using a malformed or malicious URL pattern, for example:https://siya.outsystemscloud.com/><img
@Rehan Hamayoun : The behavior you are observing is not specific to OutSystems. It originates from IIS, which hosts the OutSystems applications. This is expected and intended behavior: IIS throws an exception when it detects a potentially dangerous request (such as HTML or script injection in the request path).
The detailed error message is visible when the request is executed locally (for example, http://localhost/><img), or if the application’s custom error settings are modified to expose error details remotely.
Since this behaviour is a security measure designed to prevent the execution of malicious requests, you can create a custom HTML error page and configure IIS to display that page whenever such requests are blocked, replacing the default error message with a cleaner, user-friendly one.
hi @Nuno Reis yep that an attempt of code injection on browser like chrome/edge
something like that below and it throws error.
https://abc.xyz.com/ "><img%20src=x%20onerror=prompt(1);>
Hi Thanks @Siya let me try your suggested workaround and will update you