Web service calls with templates should be escaped

Check ID
MF_0006

Category

Security

Summary

Calls to external web services from within a microflow can use templates. Templates allow you to configure the web service call at runtime with information provided by the user or read from the database. If the data used for the web service call is provided by the user, it should be escaped (URL encoded). This prevents a malicious user from manipulating the web service call by entering data that causes your app to make requests that you don't expect. Use the urlEncode expression in the microflow editor for this purpose.

Note: This check cannot determine whether you have properly escaped the values used for your template. It only flags microflows that use web service calls with templates so that you can visually inspect each microflow in Mendix Studio Pro.
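The following Python sketch is an added illustration, not Mendix code or part of the check itself: it fills a location template with and without URL encoding and compares the resulting request against the shape the template was meant to have. The template URL, the parameter names and the sample values are constructed, and `quote_plus` stands in for the urlEncode expression as an assumption.

```python
import re
from urllib.parse import quote_plus, urlsplit, parse_qsl

# Constructed template using numbered placeholders; host and names are made up.
TEMPLATE = "https://api.example.test/customers/{1}/orders?status={2}"

def fill(template, values, encode):
    """Substitute {n} placeholders in one pass, optionally URL-encoding each value."""
    def sub(match):
        value = values[int(match.group(1)) - 1]
        return quote_plus(value) if encode else value
    return re.sub(r"\{(\d+)\}", sub, template)

def shape(url):
    """The parts the developer fixed in the template: host, path depth, query names."""
    parts = urlsplit(url)
    names = sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return parts.netloc, parts.path.count("/"), names

def keeps_shape(template, values, encode):
    """True if the filled request has the same host, path depth and query names
    as the template filled with harmless placeholder values."""
    baseline = shape(fill(template, ["x"] * len(values), encode=True))
    return shape(fill(template, values, encode)) == baseline

def received_status(url):
    """What the remote service would decode as the 'status' parameter."""
    return dict(parse_qsl(urlsplit(url).query))["status"]

if __name__ == "__main__":
    # Constructed inputs: ordinary data with reserved characters, and a value
    # that adds a query parameter the template never contained.
    for values in (["A/B Traders", "R&D"], ["42", "open&limit=9999"]):
        for encode in (False, True):
            url = fill(TEMPLATE, values, encode)
            print(f"encode={encode!s:5} same_shape={keeps_shape(TEMPLATE, values, encode)!s:5} {url}")
```

Without encoding, even legitimate values such as "R&D" change the path depth or add query parameters; with encoding, the remote service receives each value intact inside the single field the template reserved for it.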

Options

This check does not have any options.

Pass

Your microflow does not use any web service calls that use templates.

Fail

Your microflow uses web service calls that use templates.
