Re: Why is special characters changed to HTML Name

staymini · ‎08-12-2022

The special characters of the result of my question is converted to HTML Name and output like " and &lt.
What are the conditions that are converted?
I want the result number 2, 3, 4.

My version of Splunk is 8.2.6

1. search query :

| makeresults | eval text="@@@javascript&colon;" | eval text=replace(text, "@@@", "\"") | table text

result :

&quot;javascript&colon;

2. search query :

| makeresults | eval text="@@@javascript" | eval text=replace(text, "@@@", "\"") | table text

result :

"javascript

3. search query :

| makeresults | eval text="@@@javascripta:" | eval text=replace(text, "@@@", "\"") | table text

result :

"javascripta:

4. search query :

| makeresults | eval text="@@@javascripa:" | eval text=replace(text, "@@@", "\"") | table text

result :

"javascripa:

5. search query :

| makeresults | eval text="@@@javascript&colon;" | eval text=replace(text, "@@@", "<") | table text

result :

&lt;javascript&colon;

yuanliu · ‎08-12-2022

Is it possible that this is caused by a browser setting or user preference in Splunk? I have these from Splunk 8.2.5 and 9.0.0, Safari 15.5. (Neither party has customization.) Output strings are not mangled as in your illustration.

staymini · ‎08-14-2022

It's inferred from the XSS protection.

The same conversion occurs when you create a post now.

My Browser > Chrome 104.0

it is the same when tested in version 81.

staymini · ‎08-16-2022

Found a function at js code with XSS injection protection.

Maybe this is the cause.

Why is special characters changed to HTML name?

Other

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability