XSS attack protection
To avoid XSS attack, CLAPI decodes the request body when it receives a request from a client. It encodes the response body when it sends back the response to a client. Because the request and response body are almost JSON objects, CLAPI only provides encoding/decoding on these characters:
"&" <-- "&"
"<" <-- "<"
">" <-- ">"
"'" <-- "'"
"/" <-- "/"