How to disable XSS filter in an On-Premise SamePage instance
Modified By SamePage Support on Jul 15, 2009 11:58 AM | Owner: surjendu kuila | Attachments: 0 | Comments: 0 | Version: 5
Tags : Configuration, On premise 
  

SamePage introduced an XSS filter in version 4.0 to make the enterprise wiki more robust and secure. For users, this means that HTML content containing JavaScript and script tags cannot be saved. This is to prevent Cross-Site Scripting (XSS) attacks.

If a user tries to create content containing script tags, SamePage displays the warning "Some invalid javascript tags have been found which can corrupt the application. Please check your input and remove it to save properly." and does not allow the user to save the page.

It is possible that certain enterprise customers may find this too restrictive and unnecessary for a secure, internal instance. In that case, you can follow the steps below to turn off the XSS filtering. However, please be aware that, in doing so, the deployment would be vulnerable to XSS and XSRF attacks.

Release 4.1 and Upwards

  • Go to System Administration -> System Parameters
  • Search for net.etouch.filter.xss
  • Set the value to false
  • Click on Save.

Release 4.0

1. Navigate to $INSTALLDIR/cm/WEB-INF.
2. Open web.xml in a text editor.
3. Comment out the following tag. After commenting, the tag should look like the following.

<!-- filter>
     <filter-name>XSSFilter</filter-name>
     <display-name>XSSFilter</display-name>
     <description>XSSFilter</description>
     <filter-class>net.etouch.contmgmt.common.XSSFilter</filter-class>
     <init-param>
        <param-name>redirectTo</param-name>
        <param-value>../error/invalidinputerror.jsp</param-value>
    </init-param>
    <init-param>
        <param-name>pathList</param-name>
        <param-value>emailpage.jsp, /admin/, /analytics/, /authoring/, /contmgmt/, /help/, /home/,/images/,/jasper/, /javascript/,/site/,/syndication/,/taskmgmt/,/workflow/</param-value>
     </init-param>
    </filter -->

4. Comment out the following tag. After commenting, it should look like the following.

<!-- filter-mapping>
        <filter-name>XSSFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping -->

5. Restart the SamePage server.
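
To confirm the state of a Release 4.0 instance after editing (or to audit whether the filter has been turned off), the following added example, which is not part of the original page or of SamePage, parses a web.xml and reports whether the XSSFilter declaration and mapping are still active. The sample XML is constructed for illustration and the function name xss_filter_status is hypothetical; only the filter class name and tag layout come from the steps above.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "net.etouch.contmgmt.common.XSSFilter"  # class name from this page

# Constructed sample (not a real SamePage web.xml): filter declared and mapped.
ENABLED = """<web-app>
  <filter>
    <filter-name>XSSFilter</filter-name>
    <filter-class>net.etouch.contmgmt.common.XSSFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>XSSFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

# Same sample with both tags commented out the way steps 3 and 4 show.
DISABLED = ENABLED
for _tag in ("filter", "filter-mapping"):
    DISABLED = DISABLED.replace(f"<{_tag}>", f"<!-- {_tag}>")
    DISABLED = DISABLED.replace(f"</{_tag}>", f"</{_tag} -->")


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop a '{namespace}' prefix if present


def _text(elem, name):
    """Stripped text of the first child called `name`, or None."""
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), None)


def xss_filter_status(web_xml_text):
    """Report whether the XSS filter is declared and mapped in a web.xml.

    ElementTree discards XML comments while parsing, so a commented-out
    <filter> or <filter-mapping> is simply absent from the tree.
    """
    elems = list(ET.fromstring(web_xml_text).iter())
    names = {_text(e, "filter-name") for e in elems
             if _local(e.tag) == "filter" and _text(e, "filter-class") == FILTER_CLASS}
    names.discard(None)
    patterns = [_text(e, "url-pattern") for e in elems
                if _local(e.tag) == "filter-mapping" and _text(e, "filter-name") in names]
    return {"declared": bool(names), "mapped": patterns}


if __name__ == "__main__":
    print("enabled: ", xss_filter_status(ENABLED))
    print("disabled:", xss_filter_status(DISABLED))
```

An empty "mapped" list means no request is routed through the filter, even if the filter is still declared. The check covers only the Release 4.0 web.xml method, not the net.etouch.filter.xss system parameter used in Release 4.1 and upwards.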