search

F5Networks / f5-appsvcs-extension

F5 BIG-IP Application Services 3 Extension
Apache License 2.0
163 stars 52 forks source link

HTML rule "content" property should handle said HTML content #798

Open MicSkr opened 5 months ago

MicSkr commented 5 months ago

Environment

Summary

HTML_rule "content" property will contain HTML content. HTML content could include double quotes, javascript, and other non-alphanumeric characters. This needs to better handle HTML content.

https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#html-rule

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following object in a declaration: Example 1

    {
"class": "HTML_Rule",
"remark": "Some HTML Content Rule",
"ruleType": "tag-append-html",
"match": { "tagName": "/head" },
"content": "<script src="website.js"></script>"
}

    OR Example 2

    {
"class": "HTML_Rule",
"remark": "Some HTML Content Rule",
"ruleType": "tag-append-html",
"match": { "tagName": "/head" },
"content": "PHNjcmlwdCBzcmM9IndlYnNpdGUuanMiPjwvc2NyaXB0Pg=="
}

  2. Observe the following error response: Example 1 fails. Example 2 is literal Base64 in the HTML Rule content profile

Expected Behavior

HTML "content" property should handle said HTML content HTML "content" should support base64 encoding/decoding. This allows for javascript and other content that would typically include double quotes and other non-alphanumeric characters.

Actual Behavior

It is not possible to submit HTML content with quotes. It is not possible to submit Javascript. Base64 strings are placed literally into the Content HTML Profile rules.

sunitharonan commented 4 months ago

Please reach out to us at automation_toolchain_pm@f5.com in order for us to prioritize. Thanks.