SAP Note 853878 - HTTP WhiteList Check (security)

Component : Internet Communication Framework - Business Server PagesBC-SEC Security

Solution : https://service.sap.com/sap/support/notes/853878 (SAP Service marketplace login required)

Key words :
cl_http_utility=>http_whitelist_ep_css_url  cl_http_utility=>http_whitelist_sap_exiturl  cl_http_utility=>http_whitelist_wda_resume_url, potentially execute unknown javascript code, add addition security feature, additional note assistent corrections, <html> <header> <css src=, central framework provided functionality, abap server received information, externally received themeroot url, function cl_http_utility=>check_http_whitelist, execute javascript files

Related Notes :

1274793BSP: HTTP WhiteList Check fails for port entries
1261193
1245560Composite SAP Note : XSS Documentation
891232BSP Security Relevant Changes
887322Whitelist checks of sap-exit URL