Discarding request. Probably contains XSS code : Helpdesk platform

ProVu Support

started a topic over 4 years ago

Hi,

this is possibly the strangest ticket I've ever created :)

I have discovered on firmware 8.7.5.35 (on several different snom models, D765, 760 etc...):

if the sip password contains the word "monkey", I get the error message above.

Not really sure if this is a bug, intentional or some kind of easter-egg but it made me laugh anyway.

cheers,

Paul.

Best Answer

A

Alberto Sagredo Castro said over 4 years ago

Hi Provu

We created a ticket and we answered you from that.

Have a nice day!

ProVu Support

said over 4 years ago

oh I think I've posted this to the wrong place. I was intending on creating a support ticket.

This doesn't happen on older firmwares (we have a phone here on 8.7.5.13 which doesn't display the message.

cheers,

Paul.

Alberto Sagredo Castro

said over 4 years ago

Answer

Hi Provu

We created a ticket and we answered you from that.

Have a nice day!

D

David Hundt

said 10 months ago

Ok, I agree that is the weirdest part of my week.

I searched for

Discarding request. Probably contains XSS code

error and the first hit was monkey in the password! Nuts, or maybe I should say bananas.

Seems like I'm locked out of admin advanced mode too.

Would you please provide the same ticket information to me as well. Thank you!

J

Jan Boguslawski

said 10 months ago

Hi David,

please see: https://service.snom.com/display/wiki/10.1.42.14+Release

In 10.1.42.14 Release and higher the correction is implemented:

Release Notes reference: SAP-780: Improved XSS protection measuring, critical strings e.g. OnKey & OnClick can now be accepted as part of setting values (e.g. Monkey or MyFonclick were refused) [SCPP-7460]

Please update to this release or higher. Thanks!

Greetings from Berlin and stay safe,

Jan

Jan Boguslawski

Product Owner Snom

D

David Hundt

said 10 months ago

Thank you.

Always good to know I'm not going mad, yet.....