+

Search Tips   |   Advanced Search

Protecting against malicious active content

The active content filter prevents users from embedding malicious content in Communities input fields.

Communities provides a filter that prevents users from using rich text descriptions with malicious scripts that are started when other users visit Communities. We can disable this filter to provide richer options for content in any Communities text input field.

Disabling this filter introduces vulnerability to cross-site scripting (XSS) and other types of malicious attack. for additional information.

To configure the active content filter.

  1. Access the Communities configuration files:

    To get cell name...

  2. To check the current setting of the active content filter property:

    CommunitiesConfigService.showConfig() Look for the following property in the output that displays:

      activeContentFilter.enabled = true

  3. To change the value of the active content filter property:

    CommunitiesConfigService.updateConfig("property", "value") where

    • property is one of the editable Communities configuration properties.

    • value is the new value with which to set that property.

    The following table displays information regarding the active content filter property and the type of data that we can enter for it.

    Property Description
    activeContentFilter.enabled When enabled, this property prevents the addition of active content (JavaScript, for example) to any Community text input field.

    This property takes a Boolean value: true or false.

    For example:

      CommunitiesConfigService.updateConfig("activeContentFilter.enabled", "false")

  4. After making changes, check the configuration files back in, and we must do so during the same wsadmin session in which you checked them out for the changes to take effect. See Applying property changes in Communities for information about how to save and apply the changes.


Parent topic:
Remove unwanted community content


Related:

Secure applications from malicious attack


Related:

Apply property changes in Communities

Related reference:

Communities configuration properties