ASM : Multipart/form-data parameter value violation
Hello, After spending some time reading and searching, i can't find complete information to understand my blocking. ASM has blocked multipart/form-data content from a POST request. First is SQL injection 200002305 (sig ID) for content that looks like JSON. I will set a JSON profile for this and see. But others violations (that i am looking for explanation) doesn't look JSON but more javascript code. Detected keywords are 'javacript' and 'href', and also 'id' (execution attempt violation).
My first question : ASM interpret as parameter the following pattern (control name) "app_generated_name", is it correct behaviour ? Content-Disposition: form-data; name="_app_generated_name"
Second question : ASM founds javacscript code content inside those "parameter" value, how is that sounds to you ? It seems to be the application design, so i am afraid i will have to create exception for that.
thanks a lot for any experience sharing on this