The Oracle Commerce Platform provides mechanisms for filtering requests to protect against cross-site attacks. The filtering is done by validating the request parameters to ensure they do not contain suspicious values. For example, if a parameter value contains a <script> tag, you might want the request to be rejected, because this tag can be used to inject malicious JavaScript code.

Separate mechanisms are required for validating query parameters (which are part of the request URL) and POST parameters (which are part of the body of the request). This chapter discusses how to configure and use both mechanisms. It includes the following sections:


Copyright © 1997, 2017 Oracle and/or its affiliates. All rights reserved.