Script Tag not accepting in Management Center

StackOverflow https://stackoverflow.com/questions/21151961

  •  28-09-2022
  •  | 
  •  

Question

script tag is not accepting in wcs7 management center in E-mail activity content, how to achieve this??

i would like to add a js file in email content

for that am using tag

but management center not accepting script word

giving error like script is a prohibited characters

Was it helpful?

Solution

This restriction has been done to protect the application from XSS attack ( cross site scripting ).

You can try by disabling XSS protection.

Steps

  1. Open the following file:

    LOBTools.war/WEB-INF/web.xml

    WebSphere Commerce Developer LOBTools/WebContent/WEB-INF/web.xml

    See Management Center Web application file locations for more information.

  2. Search for and remove the following snippet:

    com.ibm.commerce.security.crosssitescriptingprovider
    com.ibm.commerce.foundation.internal.client.security.impl. ClassicCommerceCrossSiteScriptingProviderImpl

  3. Save your changes and close the file.

  4. Deploy your changes.

But please keep in mind that by doing so you are making your app vulnerable to XSS attack.

OTHER TIPS

There is a black list filter definition in wc-server.xml that is checked on all incoming requests. If the request matches the filter, it gets rejected.

The script html tag is a part of that black list to prevent anyone from injecting potentially malicious content.

Removing this black list isn't recommended.

Also, it's usually not recommended to insert scripts in e-mail as most mail providers will strip them out for security reasons.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top