Filtering active content in Profiles

Profiles provides a filter that prevents users from creating rich text descriptions with malicious scripts that are executed when other users visit Profiles. You can enable or disable this component.

Before you begin

To edit configuration files, use the IBM WAS wsadmin client. See Starting the wsadmin client for information about how to start the wsadmin command-line tool.
Note: Disabling this filter introduces a vulnerability to malicious cross-site scripting (XSS) attacks.

Procedure

To configure active content filter settings...
- From the dmgr host:
If prompted to specify a service to connect to, type 1 to pick the first node in the list. Most commands can run on any node. If the command writes or reads information to or from a file using a local file path, pick the node where the file is stored.
- Check out the Profiles configuration files:
- <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes (/) to separate directories in the file path, even if you are using the Microsoft Windows operating system.
Note: AIX and Linux only: The directory must grant write permissions or the command does not complete successfully.
- <cell_name> is the name of the WAS cell hosting the Profiles application. This argument is required. It is also case-sensitive, so type it with care. If you do not know the cell name, you can determine it by typing the following command in the wsadmin command processor: print AdminControl.getCell()
- AIX or Linux: ProfilesConfigService.checkOutConfig("/opt/prof/temp","foo01Cell01")
- Microsoft Windows: ProfilesConfigService.checkOutConfig("c:/prof/temp","foo01Cell01")
To configure the active content filter for Profiles, use the following command:
- <property> is one of the editable Profiles configuration properties.
- <value> is the new value with which you want to set that property.
The following table displays information regarding the active filter property and the type of data you can enter for it.
Table 1. The active content filter property
| Option | Description |
| --- | --- |
| activeContentFilter.enabled | Enables and disables filtering for active content of text entered into the About me and Background text input fields. This property takes a Boolean value: true or false. The value must be formatted in lowercase. |
For example, to disable filtering:
After making changes, check the configuration files back in. You must do so during the same wsadmin session in which you checked them out for the changes to take effect. See Apply property changes in Profiles for information about how to save and apply your changes.
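
The following check is an added example, not part of the IBM documentation: it reads a checked-out configuration XML file and reports whether activeContentFilter.enabled is still set to the lowercase value true, so a disabled or mistyped setting is caught before check-in. The `<property name="..." value="..."/>` layout, the script name and the sample documents are assumptions constructed for illustration; adjust them to the file in your working directory.

```python
import sys
import xml.etree.ElementTree as ET

PROPERTY = "activeContentFilter.enabled"  # property name from Table 1

# Constructed sample documents; the element layout is an assumption.
SAMPLE_ENABLED = ('<config><properties><property '
                  'name="activeContentFilter.enabled" value="true"/>'
                  '</properties></config>')
SAMPLE_DISABLED = SAMPLE_ENABLED.replace('"true"', '"false"')
SAMPLE_BAD_CASE = SAMPLE_ENABLED.replace('"true"', '"False"')


def filter_status(xml_text):
    """Classify the setting: 'enabled', 'disabled', 'invalid' or 'missing'."""
    root = ET.fromstring(xml_text)
    # Match on the name attribute rather than a fixed path, so the check
    # does not depend on where the property sits in the file.
    values = [el.get("value") for el in root.iter()
              if el.get("name") == PROPERTY]
    if not values:
        return "missing"
    # The value must be a lowercase Boolean; "False" or "TRUE" is flagged.
    if any(v not in ("true", "false") for v in values):
        return "invalid"
    # With duplicate entries, report the riskier state.
    return "disabled" if "false" in values else "enabled"


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_acf.py <config.xml>
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_DISABLED
    status = filter_status(text)
    print(f"{PROPERTY}: {status}")
    # Non-zero exit for anything but 'enabled', so the check can gate check-in.
    sys.exit(0 if status == "enabled" else 1)
```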