HTML Escape Encoding of String Field Values

To prevent errors and potential security vulnerabilities, including cross-site scripting (XSS) attacks, special characters in string field values, such as ApiEntityProject.description, are HTML escape encoded before they are returned to the user in the REST API response.

This encoding ensures that characters meant to be part of the data are not misinterpreted as HTML code, preserving the intended display of the content.

On the client side, HTML escape decoding is necessary to retrieve the original values. To decode HTML escape encoded string field values, you can use the following Java library method. For more details about the library, refer to the Class StringEscapeUtils documentation.

org.apache.commons.text.StringEscapeUtils.unescapeHtml4(String inputValue)
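The following is an added example, not code from the Oracle documentation, showing the method above used on the client: each value is decoded exactly once to recover the original text, and the decoded text is encoded again before it is written into a web page, because after decoding it may contain live markup. The class name, helper names and sample strings are constructed for illustration, and the example assumes the API applies a single layer of HTML escape encoding.

```java
import org.apache.commons.text.StringEscapeUtils;

public class DescriptionFieldDecoding {

    // Decode a string field exactly once. Assumption: the API applied one
    // layer of HTML escape encoding to the stored value.
    static String decodeField(String apiValue) {
        return apiValue == null ? null : StringEscapeUtils.unescapeHtml4(apiValue);
    }

    // Encode a decoded value again before writing it into HTML element content.
    // escapeHtml4 does not escape the apostrophe, so it is not enough on its
    // own for single-quoted attribute values.
    static String encodeForHtmlBody(String rawValue) {
        return rawValue == null ? "" : StringEscapeUtils.escapeHtml4(rawValue);
    }

    public static void main(String[] args) {
        // Constructed sample values, shaped like an encoded description field.
        String[] fromApi = {
            "Phase 1 &amp; 2 &lt;draft&gt;",
            "&lt;script&gt;alert(1)&lt;/script&gt;",
            // Assumed case: the user typed the literal text "&lt;b&gt;".
            "Literal &amp;lt;b&amp;gt; text"
        };

        for (String encoded : fromApi) {
            String raw = decodeField(encoded);        // original value
            String decodedTwice = decodeField(raw);   // mistake: can alter data
            String htmlSafe = encodeForHtmlBody(raw); // safe as element content

            System.out.println("from API      : " + encoded);
            System.out.println("decoded once  : " + raw);
            System.out.println("decoded twice : " + decodedTwice
                    + (decodedTwice.equals(raw) ? "" : "   <-- no longer the original"));
            System.out.println("for HTML body : " + htmlSafe);
            System.out.println();
        }
    }
}
```

Running it requires the Apache Commons Text library on the classpath. Treat the decoded value as untrusted data in any later context, such as HTML output, and encode it for that context at the point of use.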

Note: The Oracle Primavera Cloud POST and PUT APIs accept values for string fields in both encoded and non-encoded formats in the request payload.