App not installing on production when there is encoded <script> tag in iparams values

I have built an app which takes certain input at the installation screen from the user.

During testing it was noticed that if we put

<Script>alert();</Script>

as input, the app fails at installation. To handle this, we encoded the input value before saving and it worked fine on localhost.
The same application is not working and is giving us the error after deployment.

I am looking for ways to handle this. Is it something related to the production environment, or do we have to handle it some other way?

Thanks.

2 Likes

Same installation error goes with me. Tried to resolve it in multiple ways, but the error still persists.

1 Like

@Raviraj
@velmurugan
@Saif
Can you guys help me in this regard? Two of our apps are on hold for deployment at marketplace because of this issue.

1 Like

Hi @yusrakhatri,

What is the error that is returned while installing the app with this input for the iparams? Could you also please share the browser console or network logs related to this issue?

@Raviraj
This is what I am getting:

I can also share the network logs privately if you want?

I am getting a 403 Forbidden error.

@yusrakhatri I’m able to install an app to Freshdesk as a custom app with the script tags for an iparams field value.
Could you please check if the issues persist regardless of the iparams value?

Still the same error! :confused:

@yusrakhatri,
Does your app have any backend listening for app install event?

@ManiDeepak_Vandrangi No, there is no backend listening for app install event.

1 Like

This is recognized as an issue. Informed our team about it.

For anyone visiting this topic later, contact us for the workaround for your specific use-case.

5 Likes