Improving browser security with Content Security Policy

Starting with IBM Datacap 9.1.9 interim fix 007, Datacap Navigator supports IBM Content Navigator (ICN) when it is configured for improved browser security with content security policy.

For more information about configuring the application server Java Virtual Machine (JVM) that runs the ICN application, see Improving browser security with Content Security Policy.

The Datacap Navigator plug-in will not work with Datacap versions before IBM Datacap 9.1.9 interim fix 007. But starting with Datacap 9.1.9 interim fix 007, the Datacap Navigator plugin is modified to remove all eval() functions and replaced with code that is not susceptible to data injection and Cross-Site Scripting (XSS).

When this version of Datacap Navigator is deployed in an ICN application running with this feature, it may not support the downloading of DynamsoftServiceSetup.msi from the Scan client. It also does not support the dual viewer that opens when the viewer Actions > Open in New Window is selected in the viewer pane of Datacap Navigator clients like Scan, Classify, or Verify. If you must use the dual viewer in your use-case, then disable the feature by changing true to false. Restart the application server that runs the ICN application. To resolve the DynamsoftServiceSetup.msi download issue, get the file from the Datacap installation folder of ..\Datacap\tmweb.java and install it on your local machine.

Disable the following JVM options by setting them to false.

-Dcom.ibm.ecm.icn.system.security.csp.removeUnsafeEval=false
-Dcom.ibm.ecm.icn.system.security.csp.removeUnsafeInline=false