Bug ID 476191: Bypass unicode validation on XML and JSON profiles by internal parameter

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF6

Opened: Aug 20, 2014

Severity: 3-Major

Symptoms

Some UTF-8 characters in JSON data can result in the "Malformed JSON data" violation.

Impact

The ASM identified properly formatted JSON data as malformed.

Conditions

JSON and UTF-8 handling -- There are applications that use unicode characters that are not mapped as allowed by the ASM XML/JSON parser.

Workaround

N/A

Fix Information

So that you can bypass unicode validation on XML and JSON profiles, we added two internal parameters: - relax_unicode_in_xml: The default is 0 which is the current behavior. When the value is changed to 1, a bad unicode character does not produce an XML malformed violation. A bad unicode character might be a legal unicode character that does not appear in the mapping of the system's XML parser. - relax_unicode_in_json: The default is 0 which is the current behavior. When the value is changed to 1, a bad unicode character does not produce a JSON malformed violation. A bad unicode character might be a legal unicode character that does not appear in the mapping of the system's JSON parser.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips