Security cross-site scripting filter settings

Cross-site scripting (XSS) is a security vulnerability that allows attackers to inject client-side script into web pages that are viewed by other users. You can use the Cross-site Scripting Filter setting to check all HTTP requests that are sent to IBM OpenPages®. The Cross-site Scripting Filter setting enables basic filtering of common attacks. The Advanced XSS Filter setting turns on more aggressive filtering of JavaScript actions.

For more information about the X-XSS-Protection header setting, see Configure the HTTP response headers.

To allow certain HTML elements or attributes to pass through this filter, see Configure the security safe tags setting.

To allow certain character combinations to pass through, see Configure allowed character combinations.

Attention: The XSS filter blocks attempts to save text fields that contain JavaScript. The XSS filter also blocks updates to items that were created and saved with JavaScript when the XSS filter was disabled. Text fields that contain JavaScript are not supported.

Note: These settings are hidden by default. To display them, see Show hidden settings.

Platform > Security > Cross-site Scripting Filter
Default: true
Values: In the Value field, type one of the following values:
  • true - Cross-site scripting filtering is enabled.
  • false - Cross-site scripting filtering is disabled.

Restart all application servers in your cluster to enable the change. For information, see Starting and stopping servers.

Platform > Security > Advanced XSS Filter
Default: true
Values: In the Value field, type one of the following values:
  • true - Advanced XSS filtering is enabled.
  • false - Advanced XSS filtering is disabled.

Restart all application servers in your cluster to enable the change. For information, see Starting and stopping servers.