Solution : https://service.sap.com/sap/support/notes/1670098 (SAP Service marketplace login required)
Key words :
sufficiently encode output parameters, cross-site scripting issue, terms cross-site scripting, modify displayed application content, potentially obtain authentification information, cross-site scripting, ca-dms reason, prerequisites bsp pages, webdocuments [ca-dms], bsp application webdocuments
Related Notes :
1678243 | Unauthorized modification of BSP in Webdocuments (2) |
1582870 | ABAP XSS Escaping Support |
1582867 | Security options (XSS) for ESCAPE |
1509753 | Webdocs:XSRF Protection for BSP Application WebDocuments. |
1505976 | Webdocs:Unauthorized Content Modification & Session Handling |
1420256 |