Specific string that looks like Code injection as parameter breaks MarkLogic functions


This Content is from Stack Overflow. Question asked by CraneSenior

I have encountered a strange behavior of MarkLogic script evaluation (through qconsole or REST API) when trying to invoke ServerSide JavaScript functions. I was manipulating a JavaScipt object that had a string property with text which includes that:

") -- or "

e.g. try to evaluate this script in qconsole:
fn.contains("text"," ) -- or ");
You can add any prefix and suffix to the second parameter, it always fail with ‘Connection was reset’ information, no matter how I invoke it, in qconsole, or by REST API
enter image description here

Can it be some sort of ‘code injection’ that breaks some internals? After that invocation I even could not find any entries in MarkLogic log regarding my calls.


This question is not yet answered, be the first one who answer using the comment. Later the confirmed answer will be published as the solution.

This Question and Answer are collected from stackoverflow and tested by JTuto community, is licensed under the terms of CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.

people found this article helpful. What about you?