Level 2
January 30, 2019
Solved

Adobe Campaign Classic JSSP Page Error


Hi Team,

I am working on a simple web-hosted form with First Name, Last Name, Email Address, and Territory fields and a Submit button. Once we click the Submit button, this information is POSTed to the JSSP page, which is created and hosted in Adobe Campaign Classic. This JSSP page contains the code below:

<%
  response.setContentType("text/html;charset=utf-8");
  logonEscalation("webapp");

  var rcp =
    <recipient
      _operation="insertOrUpdate"
      _key="@email"
      xtkschema="nms:recipient"
      firstName={request.getParameter("firstName")}
      lastName={request.getParameter("lastName")}
      email={request.getParameter("email")}
      territory={request.getParameter("territory")}>
    </recipient>;

  xtk.session.Write(rcp);
%>Loading...
<meta http-equiv="refresh" content="1; url=<%= request.getParameter("url")%>">

Issue:

My issue here is that I am able to submit the data without any trouble: I am not getting any error message, and the data is getting stored in the Adobe Campaign DB. But if someone else tries to post the data, they get the error message below:

Any thoughts on what I am doing wrong here, or what could be the reason?

Tagging community champs for any inputs..

Vipul Raghav

Amit_Kumar

Jean-Serge Biron

davidl14970702

florentlb

Adhiyan

Ananya Kuthiala


Jonathon_wodnicki
Community Advisor
Accepted solution
February 1, 2019

Hi,

Change logonEscalation to admin. There are numerous problems here besides:

  • Anyone can set anyone's recipient record to anything, intentionally or not. The page should be inserting new rows into a staging table, then batch-processing via a scheduled workflow, with conflicts manually resolved or discarded
  • Email address syntax isn't validated
  • UTF-8 is declared in the content-type header, but params aren't being read as utf-8. Use request.getUTF8Parameter() instead
  • Content-type header is set, but the page is just a meta redirect
  • Link to visit isn't given to users who've disabled meta redirects
  • Redirected url isn't validated or sanitized, leaving page vulnerable to a variety of attacks

Thanks,

-Jon
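
The email-syntax, visible-link and redirect-validation points from the answer above, as an added example that is not part of the original thread or Adobe's code. The helper names, `ALLOWED_HOSTS` and `FALLBACK_URL` are assumptions; the functions are plain ES5 JavaScript with no Campaign-specific calls.

```javascript
// Added example. ALLOWED_HOSTS and FALLBACK_URL are assumed placeholder values.
var ALLOWED_HOSTS = ["www.example.com", "forms.example.com"];
var FALLBACK_URL = "https://www.example.com/thanks";

// Conservative syntax check: single "@", dotted domain, no whitespace or
// control characters, local part <= 64 and whole address <= 254 characters.
function isValidEmail(value) {
  if (typeof value !== "string" || value.length > 254) return false;
  var m = /^([A-Za-z0-9.!#$%&'*+\/=?^_`{|}~-]{1,64})@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$/.exec(value);
  return m !== null && m[1].indexOf("..") === -1;
}

// Return url only when it is an absolute https URL whose host is allowlisted.
// Rejects other schemes (javascript:, data:), protocol-relative URLs,
// userinfo forms (host@other), backslashes, quotes and whitespace.
function safeRedirect(url, allowedHosts, fallback) {
  if (typeof url !== "string" || url.length > 2048) return fallback;
  var m = /^https:\/\/([A-Za-z0-9.-]+)(?::\d{1,5})?(?:[\/?#][\w\-.~:\/?#\[\]@!$&()*+,;=%]*)?$/.exec(url);
  if (m === null) return fallback;
  return allowedHosts.indexOf(m[1].toLowerCase()) !== -1 ? url : fallback;
}

// Escape a value for use inside an HTML attribute or text node.
function escapeHtml(s) {
  return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;")
    .replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Response body: meta refresh plus a visible link for clients that
// ignore meta refresh. The target is validated first, then escaped.
function redirectHtml(rawUrl) {
  var target = escapeHtml(safeRedirect(rawUrl, ALLOWED_HOSTS, FALLBACK_URL));
  return '<meta http-equiv="refresh" content="1; url=' + target + '">' +
         '<p>Loading... <a href="' + target + '">Continue</a></p>';
}
```

In the JSSP, the inputs would be read with request.getUTF8Parameter() as the answer suggests, and the write skipped when isValidEmail() returns false.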

Level 2
February 8, 2019

Hi,

Thanks for responding. Can you help me with logonEscalation(admin), as the page is getting redirected but no record is getting stored in Adobe Campaign DB? Your help would be really appreciated.

david--garcia
Level 10
February 8, 2019

What's wrong with using a webapp?