Hi,
In the DO_REQUEST method of my controller I have:
CALL METHOD request->get_form_fields
  CHANGING
    fields = t_value_pairs.
And I am checking t_value_pairs for any malicious characters like SCRIPT, <, > etc., to avoid cross-site scripting.
The way I do it is:
* check for invalid chars
LOOP AT t_value_pairs INTO wa_value_pairs.
  v_tabix = sy-tabix.
  TRANSLATE wa_value_pairs-value TO UPPER CASE.
  CALL METHOD me->check_invalids
    EXPORTING
      t_tvarvc = lt_inval
    CHANGING
      v_string = wa_value_pairs-value.
  MODIFY t_value_pairs FROM wa_value_pairs INDEX v_tabix.
ENDLOOP.
The problem is that after I do this I would like to modify the request object, and for that I am using:
CALL METHOD request->set_form_fields( fields = t_value_pairs ).
But this is not working. A pop-up I have in my URL with script alert still shows up.
I also tried CALL METHOD request->set_form_fields( fields = t_value_pairs ) but nothing is working to clean the request URL/object/value pairs.
Any suggestions?
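
A different way to reach the goal described in the post above, as an added example that is not the poster's code: leave the request untouched and encode each form-field value at the point where it is written into the HTML output. The report name, the class `lcl_renderer` and the sample field values are assumptions made for illustration; `tihttpnvp` is the name/value table type that `get_form_fields` fills.

```abap
REPORT z_xss_output_encoding_demo.

* Added example: encode request values where they are written into HTML,
* instead of rewriting the request. All names and sample values are constructed.
CLASS lcl_renderer DEFINITION.
  PUBLIC SECTION.
    CLASS-METHODS render_fields
      IMPORTING it_fields      TYPE tihttpnvp
      RETURNING VALUE(rv_html) TYPE string.
ENDCLASS.

CLASS lcl_renderer IMPLEMENTATION.
  METHOD render_fields.
    DATA ls_field TYPE ihttpnvp.
    LOOP AT it_fields INTO ls_field.
      " Name and value both land inside quoted attributes. The built-in
      " escape( ) with format e_xss_ml encodes HTML markup characters, so
      " the browser treats the input as text, not as tags or attributes.
      rv_html = rv_html
        && `<input type="text" name="`
        && escape( val = ls_field-name  format = cl_abap_format=>e_xss_ml )
        && `" value="`
        && escape( val = ls_field-value format = cl_abap_format=>e_xss_ml )
        && `">`
        && cl_abap_char_utilities=>newline.
    ENDLOOP.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  DATA: lt_fields TYPE tihttpnvp,
        ls_field  TYPE ihttpnvp,
        lv_html   TYPE string,
        lt_lines  TYPE STANDARD TABLE OF string,
        lv_line   TYPE string.

  " Constructed sample input, standing in for request->get_form_fields.
  ls_field-name  = 'comment'.
  ls_field-value = '<script>alert(1)</script>'.
  APPEND ls_field TO lt_fields.
  ls_field-name  = 'city'.
  ls_field-value = 'Walldorf'.
  APPEND ls_field TO lt_fields.

  lv_html = lcl_renderer=>render_fields( lt_fields ).
  SPLIT lv_html AT cl_abap_char_utilities=>newline INTO TABLE lt_lines.
  LOOP AT lt_lines INTO lv_line.
    WRITE / lv_line.
  ENDLOOP.
```

Because the encoding happens at output, the original value stays intact for business logic, and no list of forbidden strings has to be maintained.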