Splunk Search

Why is special characters changed to HTML name?


The special characters of the result of my question is converted to HTML Name and output like " and &lt.
What are the conditions that are converted?
I want the result number 2, 3, 4.

My version of Splunk is 8.2.6

1. search query :

| makeresults | eval text="@@@javascript:" | eval text=replace(text, "@@@", "\"") | table text

 result :


 2. search query :

| makeresults | eval text="@@@javascript" | eval text=replace(text, "@@@", "\"") | table text

 result :


3. search query :

| makeresults | eval text="@@@javascripta:" | eval text=replace(text, "@@@", "\"") | table text

 result :


4. search query :

| makeresults | eval text="@@@javascripa:" | eval text=replace(text, "@@@", "\"") | table text

 result :


5. search query :

| makeresults | eval text="@@@javascript&colon;" | eval text=replace(text, "@@@", "<") | table text

 result :



Labels (1)
0 Karma


Is it possible that this is caused by a browser setting or user preference in Splunk?  I have these from Splunk 8.2.5 and 9.0.0, Safari 15.5. (Neither party has customization.)  Output strings are not mangled as in your illustration.



0 Karma


It's inferred from the XSS protection.

The same conversion occurs when you create a post now.

My Browser > Chrome 104.0

it is the same when tested in version 81.




0 Karma


Found a function at js code with XSS injection protection.

Maybe this is the cause.



0 Karma
Get Updates on the Splunk Community!

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...