script tag is not accepting in wcs7 management center

classic Classic list List threaded Threaded
2 messages Options
Shout Box Shout Box
Reply | Threaded
Open this post in threaded view
|

script tag is not accepting in wcs7 management center

script tag is not accepting in wcs7 management center in E-mail activity content, how to achieve this??

i would like to add a js file in email content

for that am using <script> tag

but management center not accepting script word

giving error like script is a prohibited characters
buggybread buggybread
Reply | Threaded
Open this post in threaded view
|

Re: script tag is not accepting in wcs7 management center

This restriction has been done to protect the application from XSS attack ( cross site scripting ).

You can try by disabling XSS protection.

Steps

1. Open the following file:

LOBTools.war/WEB-INF/web.xml

WebSphere Commerce Developer LOBTools/WebContent/WEB-INF/web.xml

See Management Center Web application file locations for more information.

2. Search for and remove the following snippet:

<param-name>com.ibm.commerce.security.crosssitescriptingprovider</param-name> 
<param-value>com.ibm.commerce.foundation.internal.client.security.impl.
ClassicCommerceCrossSiteScriptingProviderImpl</param-value>

3. Save your changes and close the file.

4. Deploy your changes.

But please keep in mind that by doing so you are making your app vulnerable to XSS attack. Here is an article regarding Cross Site Scripting ( XSS )

http://www.buggybread.com/2012/10/hack-hacker-cross-site-scripting-xss.html
www.buggybread.com