Filtering active content 

The active content filter prevents a user from embedding malicious content in Bookmarks input fields. You configure Bookmarks settings with scripts that you run from the wsadmin client. These scripts use the AdminConfig object available in WAS Admin (wsadmin) to interact with the Bookmarks configuration file. Changes to Bookmarks configuration settings require node synchronization and a restart of the Bookmarks server before they take effect.


Before starting

To edit configuration files, use the wsadmin client. See Starting the wsadmin client for details.


About this task

Bookmarks provides a filter that prevents users from saving rich text descriptions containing malicious scripts, which would otherwise be executed when other users visit the bookmarks. You can disable this filter to provide richer options for content in any Bookmarks text input field.

Note: Disabling this filter introduces vulnerability to XSS and other types of malicious attack. See Securing applications from malicious attack for additional information.
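To make the effect of the setting concrete, the following added example (not IBM's code and not the product's filter) sketches an allow-list filter in Python and shows what is kept for a description with the filter on and off. The allow-list, the render_description function and the sample markup are assumptions constructed for this illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for illustration; the product's real rules are not on the page.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
DROP_WITH_BODY = {"script", "style", "iframe", "object"}  # element and its contents

# Constructed sample description mixing harmless markup with active content.
SAMPLE = ('<p>Team wiki <a href="https://example.com/wiki" onclick="alert(0)">link</a></p>'
          '<script>alert(1)</script><a href="javascript:alert(2)">x</a>'
          '<img src=x onerror=alert(3)>')

class _Filter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = []
            for name, value in attrs:
                value = value or ""
                if name not in ALLOWED_ATTRS.get(tag, ()):
                    continue  # event handlers (on*), style, and so on
                if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                    continue  # javascript: and any other scheme not allow-listed
                kept.append(' %s="%s"' % (name, escape(value, quote=True)))
            self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def render_description(rich_text, filter_enabled=True):
    if not filter_enabled:
        return rich_text  # filter off: markup is stored verbatim
    f = _Filter()
    f.feed(rich_text)
    f.close()
    return "".join(f.out)
```

With the filter enabled, only the paragraph, the https link and the link text survive; with it disabled, the script element, the javascript: URL and the event handlers are stored exactly as submitted and reach every user who views the bookmark.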


Procedure

  1. Open a command window and start the wsadmin command line tool as described in the topic, Starting the wsadmin client.

  2. Access the Bookmarks configuration file as described in the topic Access the Bookmarks configuration file.

  3. To configure the active content filter for Bookmarks, set the following property:

    Option:      activeContentFilter.enabled
    Description: Boolean. true/false.

    Enables or disables the active content filter for the Rich Text descriptions on bookmarks. The default value is "true"; set it to "false" if you do not want active content to be filtered.

    Note: Disabling the active content filter is not recommended because it allows end users to create Rich Text descriptions with malicious scripts that might be executed when other users visit bookmarks.


  4. See Apply property changes for information about how to save and apply your changes.


Parent topic

Administer Bookmarks


   

 
