My Oracle Support Banner

WebCenter Portal Page with Query Parameter Value '~' fails with Error (Doc ID 2652787.1)

Last updated on MARCH 31, 2020

Applies to:

Oracle WebCenter Portal - Version 12.2.1.3.190416 and later
Information in this document applies to any platform.

Symptoms

Receive an error when a query parameter has a value with '~'.  For example, if a sample portal is accessed using  /webcenter/portal/testportal?test=~1, this will return error:

SecurityConfiguration for ESAPI.Authenticator not found in ESAPI.properties. Using default: org.owasp.esapi.reference.FileBasedAuthenticator
<[SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/IntrusionDetector] Invalid input: context=HTTP Query String : test=~1, type(HTTP_QUERY_PATTERN_STRING)=^[[\w_\?\\\/\.\&\,\- =\%+\*!:#()]]+$, input=test=~1
org.owasp.esapi.errors.ValidationException: HTTP Query String : test=~1: Invalid input. Please conform to regex ^[[\w_\?\\\/\.\&\,\- =\%+\*!:#()]]+$ with a maximum length of 2000
  at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)
  at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:306)
  at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:213)
  at oracle.webcenter.webcenterapp.utils.WCRequestValidator.esValidate(WCRequestValidator.java:145)
  at oracle.webcenter.webcenterapp.utils.WCRequestValidator.validate(WCRequestValidator.java:125)
  at oracle.webcenter.webcenterapp.utils.WCRequestValidator.validate(WCRequestValidator.java:79)



Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.