Cross-site scripting error when saving a Legal Hold template with a survey or when confirming the notice
Article ID: 100052753
Updated On:
Description
Error Message
Unable to save template for hold. Cross-Site Scripting Detected
This error also occurs when a custodian receiving a Legal Hold Notice with a survey tries to Save as Draft or Confirm Compliance.
Failed to save the survey response as a draft. Cross-Site Scripting Detected
Cause
Additional Cross-Site Scripting (XSS) filters have been added to eDiscovery version 10.1.1 causing this error.
Resolution
Download the xss_properties_10.1.1.txt file attached to this article and open in a plain text editor.
Perform the following steps on each eDiscovery server, excluding Utility Nodes.
- Stop eDiscovery services on the server using the Clearwell Utility option #3.
- Navigate to \config\configs.
- Make a backup copy of the default.properties file.
- Edit the default.properties file and locate the following line.
esa.xss.action.ajax_admin.kase.sources.LFISourceHandler_saveSource - Insert the text from the xss_properties_10.1.1.txt file ABOVE the line esa.xss.action.ajax_admin.kase.sources.LFISourceHandler_saveSource
- Save the default.properties file.
- Run a option #7 in the Clearwell Utility to perform an incremental rebuild and restart eDiscovery service.
Issue/Introduction
After upgrading to eDiscovery version 10.1.1, when attempting to save a Legal Hold Notice with a survey as a template, an error appeared in the UI that Cross-Site Scripting has been detected. The notices with surveys can be sent to custodians without this error.
