1.4 Insecure Direct Object References

  1. Use of Prepared Statements (Parameterized Queries):

    Oracle Banking Trade Finance Process Management uses parameterized JPQL/SQL queries with bind variables to construct and execute SQL statements in JAVA.

  2. Input Validation

    Oracle Banking Trade Finance Process Management is a web-based application; request data travels from the browser to the server in request headers and request parameters. All request fields coming from the client are validated using whitelist validation to prevent cross-site scripting.
    User-defined methods perform input validation by checking each character of a request field against a range of allowed characters. In addition, the OJET framework handles input attribute validations. The user-defined methods escapeJavaScript(), escapeHTML() and escapeURL() sanitize output data before it is flushed to the client browser.
    escapeJavaScript() escapes all characters except immune JavaScript characters and alphanumeric characters in the ASCII character set; all other characters are encoded using the \xHH or \uHHHH notation for ASCII or Unicode sequences. escapeHTML() escapes characters with the equivalent HTML entities obtained from a lookup map, which holds entities such as amp, quot, lt and gt.
    escapeURL() encodes the URL using the URLEncoder class.
    Whitelist validation is also used to restrict image/signature/Excel uploads and to check the user's rights for every operation performed.
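    The following is an added illustration, not code from Oracle Banking Trade Finance Process Management, of output encoders with the behaviour described above for escapeJavaScript(), escapeHTML() and escapeURL(). The set of "immune" JavaScript characters and the contents of the HTML entity lookup map are assumptions, as is the use of the Java 10+ URLEncoder.encode(String, Charset) overload.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;

// Added example (not Oracle's code): output encoders following the
// behaviour the text describes for the three user-defined methods.
public final class OutputEncoders {

    // Assumed "immune" JavaScript characters that are passed through unchanged.
    private static final String IMMUNE_JS = ",._";

    // Assumed lookup map of HTML entities (amp, quot, lt, gt and a few more).
    private static final Map<Character, String> HTML_ENTITIES = Map.of(
        '&', "&amp;", '"', "&quot;", '<', "&lt;", '>', "&gt;",
        '\'', "&#x27;", '/', "&#x2F;");

    // Keep ASCII alphanumerics and immune characters; encode everything
    // else as \xHH (ASCII) or \uHHHH (other UTF-16 code units).
    public static String escapeJavaScript(String input) {
        StringBuilder sb = new StringBuilder(input.length() * 2);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            boolean alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z')
                    || (c >= 'a' && c <= 'z');
            if (alnum || IMMUNE_JS.indexOf(c) >= 0) {
                sb.append(c);
            } else if (c < 0x80) {
                sb.append(String.format("\\x%02X", (int) c));
            } else {
                sb.append(String.format("\\u%04X", (int) c));
            }
        }
        return sb.toString();
    }

    // Replace each character found in the lookup map with its HTML entity.
    public static String escapeHTML(String input) {
        StringBuilder sb = new StringBuilder(input.length());
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            sb.append(HTML_ENTITIES.getOrDefault(c, String.valueOf(c)));
        }
        return sb.toString();
    }

    // Percent-encode a value for a URL query string with java.net.URLEncoder.
    public static String escapeURL(String input) {
        return URLEncoder.encode(input, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String untrusted = "O'Neil & <Co>"; // constructed sample input
        System.out.println(escapeJavaScript(untrusted));
        System.out.println(escapeHTML(untrusted));
        System.out.println(escapeURL(untrusted));
    }
}
```

    Each encoder is chosen by the output context (JavaScript string literal, HTML body, URL query), since an encoding that is safe in one context is not necessarily safe in another.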

  3. Field Validation

    Field-level validations exist for all mandatory fields, and the database also enforces limits on the type and length of data. Blacklisted characters are not allowed in mandatory fields. Nevertheless, Oracle Banking Trade Finance Process Management has free-text fields, which accept all data entered by the user as a String.

  4. Restriction on Blacklist Characters

    Blacklisted characters in Oracle Banking Trade Finance Process Management are handled by OJET, so application developers need not handle them specifically.