3.10 Restriction on Blacklist characters
Below table shows the list of bad characters which should not be allowed in URL path but the application’s operations requires many of the below characters to be passed in the request. So Oracle Banking Trade Finance Process Management will encode the below bad characters before sending them through the URL and same will be decoded at the server to prevent the hacker from modifying the request.
Table 3-2 Bad URL Characters (Unsafe Characters )
| Bad URL Characters | Bad URL Characters |
|---|---|
| & | // |
| < | ./ |
| > | /. |
| ; | /* |
| \" | *. |
| \' | ~ |
| % | \ |
| ) | 25% |
| ( | %25u |
| + | %25U |
| , | %00-%1f, %7f-%ff |
| " " (space) | %00-%1f and %7f-%ff |
| - | %25u and %25U |
Parent topic: Validation