154 views

Description

If a user manages to paste a value into a catalog item string variable, which includes unprintable ASCII characters, then:

  1. The value is saved in the cart item sc_item_option record
  2. The Edit Cart 2 step checkout page com.glideapp.servicecatalog_cart_view_v2 will not load with an error such as:
    Character reference "&#16" is an invalid XML character.

At least  &#16 &#14 have been seen in variable data.

Our platform is based on XHTML and so these will be encoded like  however XML parsers will reject those characters.

Unprintable mean the first 32 entries in the ASCII table that are used for ANSI/VT100 Terminal codes, rather than being actual number/letter/symbol characters. These are still used in windows and unix terminals and SSH sessions, including these, and copying/pasting from those screens can include these characters in some situations.

9h = HT '\t' (horizontal tab)
11h = VT '\v' (vertical tab)
14h =DC4 (device control 4)
16h = DLE (data link escape)
19h= DC3 (device control 3)

 

Steps to Reproduce

 

  1. Create a Catalog item with a single-line text variable.
  2. To open the item in the catalog, click Try it.
  3. Copy/paste text into the variable, including some hieroglyphs starting with 17h, followed by proper text after unprintable characters.
  4. Add to cart. Note that a sc_item_option record now exists with this value.
  5. Click Edit Cart. This loads the com.glideapp.servicecatalog_cart_view_v2 UI Page that is also used for 2-step checkout.

Note the error: Character reference "&#17" is an invalid XML character.

 

Workaround

There is a short term workaround, however the recommendation is to upgrade to a version that this is resolved in. If you are able to upgrade, review the Fixed In field below to determine the versions that have a permanent fix.

As a short term workaround the following steps can be taken, but there is some risk involved.

  1. To repair the cart item so that it can be submitted, the sc_item_option records needs finding and corrected to remove the bad characters. 
  2. An admin can do a quick relief to clear the Shopping Cart sc_cart.list for that particular user by user and date but that would require a lot of careful consideration as it would delete the that particular shopping cart from the list. if you would like to go that option as a workaround, care has to be taken to delete the right record as the process is irreversible. 

 


Related Problem: PRB810213

Seen In

Fuji Patch 11
Fuji Patch 13 Hot Fix 1
Fuji Patch 6
Geneva Patch 6 Hot Fix 2
Helsinki Patch 1

Fixed In

Istanbul Patch 6
Jakarta

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2018-03-14 06:29:48
Published:2017-08-24