# Web service calls with templates should be escaped

<table><thead><tr><th width="138">Check ID</th><th>MF_0006</th></tr></thead><tbody><tr><td>Category</td><td>Security</td></tr><tr><td>Summary</td><td>Calls to external web services from within a microflow can used templates. Templates allow you to configure the web service call at runtime with information provided from the user or from the database. If the data used for the web service call is provided by the user it should be escaped (URL enocoded). This prevents a malicious user from trying to hack the web service call by entering data that will cause your app to make requests that you don't expect. Use the <strong>urlEncode</strong> expression in the microflow editor for this purpose. Note: This check cannot determine if you have properly escaped the values used for your template. It will only flag microflows that are using web service calls with templates so that you can visually inspect each microflow in Mendix Studio Pro.</td></tr><tr><td>Options</td><td>This check does not have any options.</td></tr><tr><td>Pass</td><td>Your microflow does not use any web service calls that use templates.</td></tr><tr><td>Fail</td><td>Your microflow uses web service calls that use templates.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bluestorm.io/checks/microflow/mf_0006.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.