Turning off active content filtering
Only turn off active content filtering if you have secured your network against cross-site scripting attacks by other means.
The active content filter removes potentially harmful text content, such as JavaScript, from user input added to a post or entry before saving the post or entry to an application; it does not filter file attachments. Before disabling active content filtering, be sure you have considered the security implications of this decision. for more information.
- Start the wsadmin client. See Start the wsadmin client for details.
- Find out what the current setting is for the active content filter property. See Edit configuration files for details and to find out which commands to use to check out configuration files.
- Change the active content filtering property for the application using...
- Activities:
ActivitiesConfigService.updateConfig("activeContentFilter.enabled", "false")
- Blogs:
BlogsConfigService.updateConfig("ACFEnabled", "false")
- Bookmarks:
DogearCellConfig.updateConfig("activeContentFilter.enabled", "false")
- Communities:
CommunitiesConfigService.updateConfig("activeContentFilter.enabled", "false")
- Files:
FilesConfigService.updateConfig("activeContentFilter.enabled","false")
- Forums:
ForumsConfigService.updateConfig("activeContentFilter.enabled","false")
- Profiles:
ProfilesConfigService.updateConfig("activeContentFilter.enabled","false")
- Wikis:
WikisConfigService.updateConfig("activeContentFilter.enabled","false")
- Apply the changes. See Applying property changes for details.
Parent topic:
Secure applications from malicious attack
Related: