App not installing on production when there is encoded <script> tag in iparams values

I have build up an app which takes certain input at installation screen from the user.

During testing it was noticed that if we put


as input, the app fails at installation. To handle this, we encoded the input value before saving and it worked fine at localhost.
The same application is not working, and giving us the error after deployment.

I am looking for ways to handle this. Is it something related to production environment or do we have to handle it any other way.



Same Installation error goes with me , Tried to resolve with multiple ways but error still persists.

1 Like

Can you guys help me in this regard? Two of our apps are on hold for deployment at marketplace because of this issue.

1 Like

Hi @yusrakhatri,

What is the error that is returned while installing the app with this input for the iparams? Could you also please share the browser console or network logs related to this issue?

This is what I am getting:

I can also share the network logs privately if you want?

I am getting 403 forbidden error.

@yusrakhatri I’m able to install an app to Freshdesk as a custom app with the script tags for an iparams field value.
Could you please check if the issues persist regardless of the iparams value?

Still the same error! :confused:

Does your app have any backend listening for app install event?

@ManiDeepak_Vandrangi No, there is no backened listening for app install event.

1 Like

This is recognized as an issue. Informed our team about it.

For anyone visiting this topic later, contact us for the workaround for your specific use-case.