Fact
PhenixID Identity Manager
Situation
When trying to save data to the LDAP directory an error message appears, “Data contains invalid characters!”.
The reason for this is that one of your forms contains data that includes a character that is disallowed by IM. There are characters that can be used to create cross-site scripts (XSS), those are by default not allowed by IM.
For example, you might have a form with the control Description. When a user adds a value for description, for example, “This data contains an & sign and that is not allowed by default in IM”. When the user clicks Apply the user receives “Data contains invalid characters!”. The &-character is the problem.
Solution
To protect the web edition from Cross-site scripting (XSS) a restriction policy is set by default to prevent this. This means Identity manager web edition will look for illegal strings or characters before saving it to the directory.
Default illegal’s are “<,>,\”,%,;,{,},&,SCRIPT”
There are two solutions to solve this issue:
- Try to make the organisation or the users understand that there are characters that are not allowed to use. This might be tricky to implement but the best solution.
- Add a policy to allow not allowed characters.
IIM includes a policy called IGNORE_CSS_CHARACTERS. If you add this policy then you can specify what characters that IM should allow.
By default you should add the policy with all illegal characters added:
IGNORE_CSS_CHARACTERS=<,>,\”,%,;,{,},&,SCRIPT
Then you remove the characters that you like IM to allow.
Add this policy to the DSEditor.properties.
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se