In order to address cross-site scripting vulnerabilities, SAS Web Report Studio no longer enables you to use data items that include a percent sign (%) in their names. For example, when you select the data item in the Select Data dialog box, you see the following message when you click OK: 

The error also occurs if you select the data item in the report wizard.

If you have error details turned on, you might see an error that is similar to this one, depending on the position of the % in the data item name:

In addition, the SAS Web Report Studio log might contain an error that is similar to the following:

Since this change was implemented in order to address a security vulnerability, there is no workaround that enables you to use a % when it appears in the original data-item names. However, you can use SAS Web Report Studio to create a custom data item with % in its name. This workaround would have to be implemented in each report for each data item that contains a % in its name. 

Note: Because this restriction is enforced when the data item is selected for a report, existing reports that use data items with a % in their names might continue to work. 

Note: In general, do not use any special characters in data-item names. For example, if the data-item name includes an apostrophe, you might see warnings about a possible script attack. Also see SAS Note 62765, "Guidelines for naming information maps for use with SAS Web Report Studio."