APAR status
Closed as program error.
Error description
When attempting to add a portlet to a page, you get an error message: "Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags. " This is due to the %3B char which is part of the URL, so Siteminder rejects the request due to cross-site scripting protection. Steps to Reproduce: Edit Page Layout and add Portlet to a page 1-Go to the edit page layout screen for any page. 2- Click on Add Portlets 3- Select any portlet and Click Ok. (Clicking Cancel will also create the same error) Issue occurs when client browser is either Internet Explorer or Firefox.
Local fix
-Use xmlaccess to add portlet to page. -Bypass Siteminder when adding portlet to page.
Problem summary
Siteminder prevents managepages search URL being accepted. Custo getting CrossSite Scripting errors when trying to access some of admin pages through the external webserver which is protected by siteminder. This is due to the ; char which is part of the URL, Siteminder rejects the request due to CSS.
Problem conclusion
A fix is available from Fix Central: http://www.ibm.com/eserver/support/fixes/fixcentral/swg/quickord er?apar=PK68030&productid=WebSphere%20Portal&brandid=5 You may need to type or paste the complete address into your Web browser.
Temporary fix
Comments
APAR Information
APAR number
PK68030
Reported component name
WEBSPHERE PORTA
Reported component ID
5724E7699
Reported release
60G
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-06-23
Closed date
2008-08-16
Last modified date
2009-11-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE PORTA
Fixed component ID
5724E7699
Applicable component levels
R60A PSY
UP
R60E PSY
UP
R60G PSY
UP
R601 PSY
UP
R610 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.1.1","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]
Document Information
Modified date:
21 December 2021