Cross-site scripting error when saving a Legal Hold template with a survey or when confirming the notice

book

Article ID: 100052753

calendar_today

Updated On:

Description

Error Message

Unable to save template for hold.  Cross-Site Scripting Detected

 

This error also occurs when a custodian receiving a Legal Hold Notice with a survey tries to Save as Draft or Confirm Compliance.

Failed to save the survey response as a draft.  Cross-Site Scripting Detected

Cause

Additional Cross-Site Scripting (XSS) filters have been added to eDiscovery version 10.1.1 causing this error.

Resolution

Download the xss_properties_10.1.1.txt file attached to this article and open in a plain text editor.

Perform the following steps on each eDiscovery server, excluding Utility Nodes.

  1. Stop eDiscovery services on the server using the Clearwell Utility option #3.
  2. Navigate to \config\configs.
  3. Make a backup copy of the default.properties file.
  4. Edit the default.properties file and locate the following line.
    esa.xss.action.ajax_admin.kase.sources.LFISourceHandler_saveSource
  5. Insert the text from the xss_properties_10.1.1.txt file ABOVE the line esa.xss.action.ajax_admin.kase.sources.LFISourceHandler_saveSource
  6. Save the default.properties file.
  7. Run a option #7 in the Clearwell Utility to perform an incremental rebuild and restart eDiscovery service.

Issue/Introduction

After upgrading to eDiscovery version 10.1.1, when attempting to save a Legal Hold Notice with a survey as a template, an error appeared in the UI that Cross-Site Scripting has been detected. The notices with surveys can be sent to custodians without this error.

Attachments

xss_properties_10.1.1.txt get_app
Powered by Wolken Software