XSS attack protection

To avoid XSS attack, CLAPI decodes the request body when it receives a request from a client. It encodes the response body when it sends back the response to a client. Because the request and response body are almost JSON objects, CLAPI only provides encoding/decoding on these characters:

"&" <-- "&amp;"

"<" <-- "&lt;"

">" <-- "&gt;"

"'" <-- "&#x27;"

"/" <-- "&#x2F;"