My Oracle Support Banner

WebCenter Portal Page with Query Parameter Value '~' fails with Error (Doc ID 2652787.1)

Last updated on SEPTEMBER 30, 2022

Applies to:

Oracle WebCenter Portal - Version and later
Information in this document applies to any platform.


Receive an error when a query parameter has a value with '~'.  For example, if a sample portal is accessed using  /webcenter/portal/testportal?test=~1, this will return error:

SecurityConfiguration for ESAPI.Authenticator not found in Using default: org.owasp.esapi.reference.FileBasedAuthenticator
<[SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/IntrusionDetector] Invalid input: context=HTTP Query String : test=~1, type(HTTP_QUERY_PATTERN_STRING)=^[[\w_\?\\\/\.\&\,\- =\%+\*!:#()]]+$, input=test=~1
org.owasp.esapi.errors.ValidationException: HTTP Query String : test=~1: Invalid input. Please conform to regex ^[[\w_\?\\\/\.\&\,\- =\%+\*!:#()]]+$ with a maximum length of 2000
  at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(
  at org.owasp.esapi.reference.validation.StringValidationRule.getValid(
  at org.owasp.esapi.reference.DefaultValidator.getValidInput(
  at oracle.webcenter.webcenterapp.utils.WCRequestValidator.esValidate(
  at oracle.webcenter.webcenterapp.utils.WCRequestValidator.validate(
  at oracle.webcenter.webcenterapp.utils.WCRequestValidator.validate(




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.