Vulnerability in EPiServer.Forms
Some of our products have forward slashes in the SKU and we are using the product SKU as the product “Code” in the Episerver catalog. We're having a problem with this because we cannot access products using the Service API when there is a forward slash in the product “Code”.
If we create a product with Code 123, we can then retrieve the product via the Service API on the following endpoint:
However, if we change the product Code from "123" to "123/456", the following call will not work (404 error) due to the forward-slash in the URL (obviously breaking the routing):
I would have thought that encoding the forward slash in the product Code to “%2F” would resolve the issue.
But that also does not work (again, a 404 not found error).
Does anyone have a suggestion on how to retrieve a product that contains a forward slash using the Service API?
As you suspected, this is not supported by ServiceAPI, and I don't think adding the support is a good idea. Why do you want to have / in your code?
@Quan - thanks for your response. Product Code is based on product SKU (comparable to other examples such as Quicksilver). The business has made the poor decision to include a forward slash in some product SKUs.
I would argue that if the ServiceAPI is unable to support a forward slash in the product Code, then the Catalog Manager should also disallow a forward slash? It does not make sense to allow a create/update without supporting a read operation.
That is a valid point. I can file a bug for that, but I don't think it will get prioritized.