Special characters in Device Name being formatted by FS API backend incorrectly

I ran some tests with postman to see if these less than symbols were caused by FS or our application. we see that it is FS causing these character translations. My conclusion is that is an issue with FS as we are posting the device names as displayed to the API. I have seen these character translations when working with XML files.

&lt; is the equivalent to <
&gt; is the equivalent to >
<…> anything in between these character is removed, not equal to

Here are my test cases with calls directly to the FS API with Postman

Device Name Expected Actual
device<42>device device<42>device devicedevice
device<<42>>device device<<42>>device device<>device
device<42device device<42device device<42device
device42<<<device device42<<<device device42<<<device
device42>device device42>device device42>device
device42>>>>>device device42>>>>>device device42>>>>>device

edit:
I see that this forum takes the characters and translates them to the respective character symbol. Please see attached image

3 Likes

@osanchez,

I understand from your post that, FS API is causing some unwanted translations. But to work with the team to solve this issue, I need your help with bit more information

Is it possible for you to let me know,

  1. What were you trying to accomplish?
  2. When and how does this translation happen?
  3. How is it affecting your app usual expectation?
  1. What were you trying to accomplish?
    We are creating an integration app that will import devices, applications, and relationships into Freshservice. We have a sync that utilizes the Freshservice API to get these assets into Freshservice

  2. When and how does this translation happen?
    The translation occurs during our sync which uses the Freshservice API . You can create an asset directly (using curl) along with a device name containing the characters I listed in this post and see the outcome of the translation.

  3. How is it affecting your app usual expectation?
    Though it is not common, if a device name contains these special characters it can be confusing to a customer when looking for their device.

We understand this is done to prevent HTML injection, as a resolution and expected outcome. translate both the < and > characters, not just the < as shown in the attached photo.