When integrating with Sybase Unwired Platform, SiteMinder uses default settings for the Web agent to stop cross-site scripting cross-site scripting (XSS) attacks. The SiteMinder default settings do not allow use of special characters and can lead to integration issues with Sybase Unwired Platform.
By default, the Web agent does not allow certain characters, often seen in XSS attacks, to be including in the URLs it processes. The Web agent allows only legal characters, according to the defined HTTP standard.
Native HTTP OData applications, typically use, and sometimes require, URLs that contain characters within a left and right parenthesis ( ) and within single quotes ' '. The left and right parenthesis and single-quotes characters are prohibited.
The SiteMinder administrator must modify the Web agent configuration in the policy server to either disable XSS filtering entirely or change the default forbidden characters.