Hi Team,
We have implemented an ECE chatbot for one of the customers.
Their network team has raised an SQL Injection flag on the communication that happens in start chat.
When we initiate a new chat, egain javascript API is looking for l10n/messaging_en_US.properties
snippet from egain.js
// sending messaging_xx_XX.properties file content
body.c('messagingData', '<![CDATA['+this.eGainMessagingProperty+']]>').up();
The data is picked from the messaging and appended in XML tag with <![CDATA[
We need to understand the usage and how do we remove <![CDATA[