cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The PTC Community email address has changed to community-mailer@ptc.com. Learn more.

Update ThingWorx 8.5 solution to not use non-encoded asterisk (*) in URLs

Update ThingWorx 8.5 solution to not use non-encoded asterisk (*) in URLs

Status: No Plans to Implement Submitted by 6-Contributor on ‎Oct 20, 2020 04:22 PM
2 Comments (2 New)

The current ThingWorx 8.5 solution uses non-encoded asterisk (*) in URLs as a part of the composer user interface. The use of non-encoded asterisk (*) in URLs is a security issue that introduces the possibility of CSS attacks. This is an issue for customers that deploy ThingWorx in highly secured environments.  

This enhancement request is to have the ThingWorx product updated to either remove the use of asterisk (*) in URLs or to properly encode them. 

See more ideas labeled with:
2 Comments
cbaldwin
13-Aquamarine
13-Aquamarine
‎May 26, 2021 09:43 AM
‎May 26, 2021 09:43 AM
Status changed to: No Plans to Implement

Hi @dpoisson , please see this article here for guidance.

 

https://www.ptc.com/en/support/article/CS333922 

olivierlp
Community Manager
Community Manager
‎Aug 16, 2021 01:06 PM
‎Aug 16, 2021 01:06 PM
Status changed to: No Plans to Implement

PTC does not consider this to be a security defect. Please see this technical support article for details: https://www.ptc.com/en/support/article/CS333922.