
Filtering active content

The active content filter prevents a user from embedding malicious content in Bookmarks input fields. You configure Bookmarks settings with scripts that you access through wsadmin. These scripts use the AdminConfig object available in WebSphere Application Server Admin (wsadmin) to interact with the Bookmarks configuration file. Changes to Bookmarks configuration settings require node synchronization and a restart of the Bookmarks server before they take effect.

To edit configuration files, use wsadmin. See Start the wsadmin client for details.


Bookmarks provides a filter that prevents users from saving rich text descriptions that contain malicious scripts, which are executed when other users visit bookmarks. You can disable this filter to provide richer options for content in any Bookmarks text input field.

Disabling this filter exposes Bookmarks to cross-site scripting (XSS) and other types of malicious attack. See Securing features from malicious attack for additional information.

  1. Open a command window and start the wsadmin command line tool as described in the topic, Starting wsadmin.

  2. Access the Bookmarks configuration file as described in the topic Accessing the Bookmarks configuration file.

  3. To configure the active filter for Bookmarks, set the following property:

    Option: activeContentFilter.enabled

    Description: Boolean (true or false). Enables or disables the active content filter for the rich text descriptions on bookmarks. The default value is "true"; set it to "false" if you do not want to filter active content.

    Disabling the active content filter is not recommended because it allows end users to create rich text descriptions with malicious scripts that might be executed when other users visit bookmarks.

  4. See Applying property changes for information about how to save and apply your changes.
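
To show what filtering active content out of a rich text description means in practice, the following Python sketch is an added example, not code from Bookmarks or from this documentation. The allow-list of tags, attributes and URL schemes, the function names and the sample description are all assumptions made for illustration; the product's own rule set is not shown on this page.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for this sketch; not the rule set the product uses.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_BODY = {"script", "style"}  # element and its text are discarded

def safe_url(value):
    # Ignore whitespace/control characters when reading the scheme.
    scheme, sep, _ = "".join(c for c in value if c > " ").partition(":")
    return bool(sep) and scheme.lower() in SAFE_SCHEMES

class ActiveContentFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            ok = ALLOWED_ATTRS.get(tag, ())  # on* handlers, style, etc. are dropped
            kept = "".join(' %s="%s"' % (n, escape(v or "")) for n, v in attrs
                           if n in ok and safe_url(v or ""))
            self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def filter_description(markup):
    parser = ActiveContentFilter()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

# Constructed sample of a rich text bookmark description.
SAMPLE = ('<p>Team <b onmouseover="alert(1)">wiki</b></p><script>alert(1)</script>'
          '<a href="javascript:alert(1)">docs</a> '
          '<a href="https://example.com/">site</a>')
```

Calling filter_description(SAMPLE) keeps the formatting and the https link while the script element, the event-handler attribute and the javascript: link target are removed. With the filter disabled, the description would reach other users' browsers unchanged.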


Administer Bookmarks

