Filter active content


Overview

Profiles provides a filter that prevents users from creating rich text descriptions with malicious scripts that are executed when other users visit Profiles. You can enable or disable this component.

The active content filter prevents a user from embedding malicious content such as JavaScript in the About me and Background text input fields. You can disable the filter to provide richer options for content in these fields.

Disabling this filter exposes Profiles to cross-site scripting (XSS) attacks.
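One way to audit stored About me and Background values for active content, for instance before re-enabling the filter or while it is disabled. This is an added example, not IBM's filter or code from the Profiles product; the rule set, the field keys `aboutMe` and `background`, and the sample data are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed rule set for this example, not the rules used by the Profiles filter.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "formaction"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Reports active content in a rich text value without rewriting it."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag in ACTIVE_TAGS:
            self.findings.append("tag <%s>" % tag)
        for name, value in attrs:
            # Browsers ignore whitespace and control characters in a scheme.
            url = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append("event handler %s on <%s>" % (name, tag))
            elif name in URL_ATTRS and url.startswith(BAD_SCHEMES):
                self.findings.append("script URL in %s on <%s>" % (name, tag))


def audit_profiles(profiles, fields=("aboutMe", "background")):
    """Return {(user, field): [findings]} for values holding active content."""
    report = {}
    for user, values in profiles.items():
        for field in fields:
            finder = ActiveContentFinder()
            finder.feed(values.get(field, ""))
            finder.close()
            if finder.findings:
                report[(user, field)] = finder.findings
    return report


# Constructed sample data; users, field keys and values are hypothetical.
SAMPLE = {
    "alice": {"aboutMe": "<p>I work on <b>storage</b>.</p>", "background": "<a href='https://example.com'>CV</a>"},
    "bob": {"aboutMe": "<img src='a.png' onerror='track()'>", "background": "<a href='JaVa\tScript:void(0)'>link</a>"},
    "carol": {"aboutMe": "<script src='https://example.net/x.js'></script>", "background": ""},
}

if __name__ == "__main__":
    for key, findings in sorted(audit_profiles(SAMPLE).items()):
        print(key, findings)
```

The check is deliberately conservative and only reports; a finding means the value needs review, not that the markup is proven harmful.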


Configure active content filter settings

  1. Use wsadmin to access and check out the Profiles configuration files.

    1. Access the Profiles configuration files:

    2. Check out the Profiles configuration files...

      ProfilesConfigService.checkOutConfig("<working_directory>", "cell_name")

      where:

      • <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.

      • cell_name is the name of the WebSphere Application Server cell hosting the Profiles feature. This argument is required even in stand-alone deployments. This argument is case-sensitive, so type it with care. If you do not know the cell name, do one of the following to determine it:

        • Stand-alone deployment: See:

          WAS_HOME\profiles\profile_name\config\cells\

        • Network deployment: From wsadmin...

          print AdminControl.getCell()

      For example:

      • AIX/Linux:

          ProfilesConfigService.checkOutConfig("/opt/prof/temp","foo01Cell01")

      • Microsoft Windows:

          ProfilesConfigService.checkOutConfig("c:/prof/temp","foo01Cell01")

  2. To configure the active content filter for Profiles...

    ProfilesConfigService.updateConfig(<property>, <value>)

    where:

    • <property> is one of the editable Profiles configuration properties.

    • <value> is the new value with which you want to set that property.

    The following table displays information regarding the active filter property and the type of data you can enter for it.


    The active content filter property

    Option                        Description
    activeContentFilter.enabled   Enables and disables filtering of active content in text entered into the About me and Background text input fields. This property takes a Boolean value: true or false. The value must be formatted in lowercase.

    For example, to disable filtering:

      ProfilesConfigService.updateConfig("activeContentFilter.enabled","false")

    Apply property changes

 

Related tasks

Manage content
Apply property changes
