Siebel CRM Siebel Security Guide Siebel Innovation Pack 2016, Rev. A E24814-01 |
|
Previous |
Next |
View PDF |
You can use the control user property Encode to encode (or not encode) values in the UI as follows:
Set the control user property Encode to False to skip or ignore HTML encoding for control values.
All control values that come from trusted sources, set Encode to False by default.
Set the control user property Encode to True to encode all control values.
For customized or newly introduced controls, all control values are encoded if Encode is set to True. True is the default value for Encode.
Siebel distinguishes the source for the calculated field value by taking the value from one of the following:
The Business Component fields.
Field values are user-entered, un-trusted, and are not provided to the browser for execution to avoid cross site scripting flaws.
The hard coded value, provided in the Siebel repository.
Hard coded values are from a trusted source and do not require encoding.