Access Denied

Certified Senior Developer

Hello All,

Redirected to "Access Denied Page" if I enter  ../ in the text box, is this expected?

a!localVariables(
  local!searchKeyword,
  a!columnsLayout(
    columns: {
      a!columnLayout(
        contents: {
          a!textField(
            label: "Search By Keyword",
            value: local!searchKeyword,
            saveInto: {
              local!searchKeyword,
              a!save(
                local!searchKeyword,
                trim(local!searchKeyword)
              )
            },
            refreshAfter: "KEYPRESS"
          )
        }
      )
    }
  )
)

Key in../ and click on enter, then the page below is displayed, any idea why?

Application logs:

  Discussion posts and replies are publicly visible

  • 0
    Certified Senior Developer

    Hi Sneha Yada,

    I tried the same interface setup in my environment (with ../ and <script> entered in a text field), but I’m not getting redirected or seeing any error like “Access Denied.” Here’s what I’ve found:

    1. Appian's security filters like Web Application Firewall /XSS protection they trigger only when potentially harmful input is used in sensitive functions (e.g., file paths, safe links, or document references).
    2. The environment also matters-some environments  like hardened production instances may have stricter WAF rules enabled,Extra logging or redirection layers,Older hotfixes/patches where certain bugs still exist.
  • 0
    Certified Lead Developer

    Someone else reporting this issue already here. Please open a support case.