Turning off active content filtering

Only turn off active content filtering if you have secured your network against cross-site scripting attacks by other means.

Before you begin

The active content filter removes potentially harmful text content, such as JavaScript™, from user input added to a post or entry before saving the post or entry to an application; it does not filter file attachments. Before you disable active content filtering, be sure you have considered the security implications of this decision. See Securing applications from malicious attack for more information.

Procedure

  1. Start the wsadmin client. See Starting the wsadmin client for details.
  2. Find out what the current setting is for the active content filter property. See Editing configuration files for details and to find out which commands to use to check out the configuration files.
  3. Change the active content filtering property for the application using one of the following commands:
    • Activities:
      ActivitiesConfigService.updateConfig("activeContentFilter.enabled", "false")
    • Blogs:
      BlogsConfigService.updateConfig("ACFEnabled", "false")
    • Bookmarks:
      DogearCellConfig.updateConfig("activeContentFilter.enabled", "false")
    • Communities:
      CommunitiesConfigService.updateConfig("activeContentFilter.enabled", "false")
    • Files: 
      FilesConfigService.updateConfig("activeContentFilter.enabled","false")
    • Forums: 
      ForumsConfigService.updateConfig("activeContentFilter.enabled","false")
    • Profiles:
      ProfilesConfigService.updateConfig("activeContentFilter.enabled","false")
    • Wikis:
      WikisConfigService.updateConfig("activeContentFilter.enabled","false")
  4. Apply your changes. See Applying property changes for details.