Solution : https://service.sap.com/sap/support/notes/887168 (SAP Service marketplace login required)
Key words :
> <input type=submit></form></body></html>, symptom xss attacks typically happen, bsp compiler automatically html encode, %><html><body><form> <% data, ></form></body></html>important, content forceencode=enabled> attribute, > <input type=submit> <, %> <input type=text, <input type=text, make life easier
Related Notes :
1411659 | |
944279 | BSP Page Directive <%@page forceEncodeOtr="html"%> and <OTR> |
891232 | BSP Security Relevant Changes |
822881 | XSS Support for BSP-Extensions HTMLB, XHTMLB and PHTMLB |