SOLVED

Adobe Campaign Classic JSSP Page Error

Level 2

Hi Team,

I am working on a simple web-hosted form with First Name, Last Name, Email Address, and Territory fields and a Submit button. Once we click on the Submit button, this information is POSTed to the JSSP page, which is created and hosted in Adobe Campaign Classic. This JSSP page contains the code below:

<%
  response.setContentType("text/html;charset=utf-8");
  logonEscalation("webapp");

  var rcp =
    <recipient
      _operation="insertOrUpdate"
      _key="@email"
      xtkschema="nms:recipient"
      firstName={request.getParameter("firstName")}
      lastName={request.getParameter("lastName")}
      email={request.getParameter("email")}
      territory={request.getParameter("territory")}>
    </recipient>;

  xtk.session.Write(rcp);
%>Loading...
<meta http-equiv="refresh" content="1; url=<%= request.getParameter("url")%>">

Issue:-

My issue here is that I am able to submit the data without any trouble: I am not getting any error message, and the data is getting stored in the Adobe Campaign DB. But if someone else tries to post the data, they get the error message below:

[Screenshots: 1.JPG, 2.JPG]

Any thoughts on what I am doing wrong here, or what the reason could be?

Tagging community champs for any inputs.

Vipul Raghav

Amit_Kumar

Jean-Serge Biron

davidl14970702

florentlb

Adhiyan

Ananya Kuthiala

1 Accepted Solution

Correct answer by
Community Advisor

Hi,

Change logonEscalation to admin. There are numerous problems here besides:

  • Anyone can set anyone's recipient record to anything, intentionally or not. The page should be inserting new rows into a staging table, then batch-processing via a scheduled workflow, with conflicts manually resolved or discarded
  • Email address syntax isn't validated
  • UTF-8 is declared in the content-type header, but params aren't being read as utf-8. Use request.getUTF8Parameter() instead
  • Content-type header is set, but the page is just a meta redirect
  • Link to visit isn't given to users who've disabled meta redirects
  • Redirected url isn't validated or sanitized, leaving page vulnerable to a variety of attacks

Thanks,

-Jon
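
Added example, not part of the original thread or of Adobe Campaign's own code: the email-syntax check and the redirect-URL validation that the accepted answer calls for, plus a response body that carries a visible link alongside the meta refresh. It is plain JavaScript that takes strings as input (in the JSSP page they would come from request.getUTF8Parameter()); the allowlisted hosts, the fallback URL and all function names are constructed assumptions.

```javascript
// Added example (not from the thread). Hosts and fallback URL are constructed placeholders.
const ALLOWED_REDIRECT_HOSTS = ["www.example.com", "forms.example.com"];
const FALLBACK_URL = "https://www.example.com/thanks";

// Conservative email syntax check: one "@", dotted domain, at most 254 characters.
const EMAIL_RE = new RegExp(
  "^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@" +
  "[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?" +
  "(?:\\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$");

function isValidEmail(value) {
  return typeof value === "string" && value.length <= 254 && EMAIL_RE.test(value);
}

// Accept only absolute https URLs on an allowlisted host with no port or userinfo.
// Anything else (other schemes, protocol-relative URLs, look-alike hosts,
// control characters, quotes, angle brackets) is replaced by the fallback.
function safeRedirectUrl(raw, allowedHosts, fallback) {
  if (typeof raw !== "string" || raw.length > 2048) return fallback;
  if (/[\u0000-\u0020\u007f\\"'<>]/.test(raw)) return fallback;
  const m = /^https:\/\/([A-Za-z0-9.-]+)(?:[\/?#].*)?$/.exec(raw);
  if (!m) return fallback;
  return allowedHosts.indexOf(m[1].toLowerCase()) !== -1 ? raw : fallback;
}

// Escape a value before placing it inside a double-quoted HTML attribute.
function escapeHtmlAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Build the response body: meta refresh plus a visible link for clients
// that ignore meta redirects. The URL is validated first, then escaped.
function renderRedirectPage(rawUrl) {
  const url = escapeHtmlAttr(
    safeRedirectUrl(rawUrl, ALLOWED_REDIRECT_HOSTS, FALLBACK_URL));
  return '<meta http-equiv="refresh" content="1; url=' + url + '">' +
         '<p>Loading... <a href="' + url + '">Continue</a></p>';
}
```
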

3 Replies

Level 2

Hi,

Thanks for responding. Can you help me with logonEscalation(admin), as the page is getting redirected but no record is getting stored in the Adobe Campaign DB? Your help would be really appreciated.

Community Advisor

What's wrong with using a webapp?