IBM Support

PK68030: ADDING PORTLET TO PAGE PRODUCES CHARACTER WHICH CAN BE BLOCKED BY 3RD PARTY SECURITY MANAGERS.


APAR status

  • Closed as program error.

Error description

  • When attempting to add a portlet to a page, you get an error
    message:
    
    "Due to the presence of characters known to be used in Cross
    Site Scripting attacks, access is forbidden.
    This web site does not allow Urls which might include embedded
    HTML tags. "
    
    The URL contains the %3B character (a URL-encoded semicolon),
    and Siteminder's cross-site scripting protection rejects the
    request.
    
    Steps to reproduce:
    
    Edit Page Layout and add a portlet to a page:
    1. Go to the Edit Page Layout screen for any page.
    2. Click Add Portlets.
    3. Select any portlet and click OK. (Clicking Cancel also
       produces the same error.)
    
    The issue occurs when the client browser is either Internet
    Explorer or Firefox.
    

Local fix

  • - Use xmlaccess to add the portlet to the page.
    - Bypass Siteminder when adding the portlet to the page.
    

Problem summary

  • Siteminder prevents managepages search URL being accepted. Custo
    getting cross-site scripting errors when trying to access some of
    admin pages through the external webserver which is protected by
    Siteminder. This is due to the ; char which is part of the URL,
    Siteminder rejects the request due to CSS.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PK68030

  • Reported component name

    WEBSPHERE PORTA

  • Reported component ID

    5724E7699

  • Reported release

    60G

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-06-23

  • Closed date

    2008-08-16

  • Last modified date

    2009-11-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE PORTA

  • Fixed component ID

    5724E7699

Applicable component levels

  • R60A PSY

       UP

  • R60E PSY

       UP

  • R60G PSY

       UP

  • R601 PSY

       UP

  • R610 PSY

       UP


Document Information

Modified date:
21 December 2021