The active content filter prevents a user from embedding malicious content in Bookmarks input fields. You configure Bookmarks settings with scripts that you access through the wsadmin client. These scripts use the AdminConfig object available in WebSphere® Application Server Admin (wsadmin) to interact with the Bookmarks configuration file. Changes to Bookmarks configuration settings take effect only after node synchronization and a restart of the Bookmarks server.
Before you begin
To edit configuration files, you must use the wsadmin client. See Starting the wsadmin client.
About this task
Bookmarks provides a filter that prevents users from creating rich text descriptions that contain malicious scripts, which are executed when other users visit bookmarks. You can disable this filter to provide richer options for content in any Bookmarks text input field.
Disabling this filter introduces vulnerability to XSS and other types of malicious attack. See Securing applications from malicious attack for additional information.
- Open a command window and start the wsadmin command line tool as described in the topic, Starting the wsadmin client.
- Access the Bookmarks configuration file as described in the topic Accessing the Bookmarks configuration file.
- To configure the active filter for Bookmarks, set the following property:
  Enables or disables the active content filter for the Rich Text descriptions on bookmarks. The default value is "true"; set it to "false" if you do not want to filter active content.
  Note: Disabling the active content filter is not recommended because it allows end users to create Rich Text Descriptions with malicious scripts that might be executed when other users visit bookmarks.
- See Applying property changes for information about how to save and apply your changes.