Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Using the "Add Criteria" drop down results in HTML encoded double quote characters on any text based field

Using the "Add Criteria" drop down results in HTML encoded double quote characters on any text based field

Version
Using the "Add Criteria" drop down results in HTML encoded double quote characters on any text based field.


Issue

From a Process or Binary Search page, when using the Add Criteria drop down to include text based fields that have double quotes in the field value, the resulting search query uses HTML encoded &quot values instead of the double quote character ".

 

Symptoms

One would see the "&quot" characters show up for text based fields when using the drop down, but if you included the query in the "Search" text box, double quotes appear as expected. For example the following:

1. From a Process Search -> Add Criteria -> Process Name -> "chrome.exe"

This produces the results for the query: process_name:"chrome.exe"

 

2. From a Process Search, include the desired query in the search text box: process_name:"chrome.exe"

This produces the results for the query: process_name:"chrome.exe"


Cause
The affected fields in the "Add Criteria" drop down were not escaping double quotes properly.

Solution

Avoid using the "Add Criteria" drop down when you observe this behavior, and simply include the desired query with the double quotes in the "Search" text box to see the desired results.

 

A fix is targeted for v5.1 and is being tracked under defect CBUI-1286.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎05-15-2015
Views:
301
Contributors