We're exploring several options to display a document on an external link. One option is to modify safehtml.xml to allow displaying file links: <regexp name="fileURL" value="\\s*file:.*"/>

I've tried modifying the XML on the webserver and restarted the webserver, and in runtime_ear and restarted JBOSS, but neither seems to work.

To test, I've deleted mailto in:
FROM: <regexp name="offsiteURL" value="((\\s)*(s?(ht|f)tp(s?)://|mailto:)[\\p{L}\\p{N}]+[~\\p{L}\\p{N}._=$%&amp;;\\-?/+#,!@:\\(\\)*[^\\\\u0000-\\\\u007f ]]*(\\s)*)"/>.
TO: <regexp name="offsiteURL" value="((\\s)*(s?(ht|f)tp(s?)://)[\\p{L}\\p{N}]+[~\\p{L}\\p{N}._=$%&amp;;\\-?/+#,!@:\\(\\)*[^\\\\u0000-\\\\u007f ]]*(\\s)*)"/>

But modifying both locations still allows mailto: links to display on forms. Any suggestions on where I should be looking?

FYI, a couple other options would entail not modifying this file. Still in the gathering data phase... Help appreciated!...

OriginalPostID-117342


  • Can you try the following approach and see if it works?

    1. Stop the application server
    2. Create a copy of runtime_ear\\suite.ear\\lib\\appian-security.jar and rename the copy to appian-security.OOB
    3. Open appian-security.jar with any ZIP utility such as 7-zip and navigate to \\appian-security.jar\\resources\\appian\\security\\antisamy\\. Drag and drop your modified XML to this JAR and confirm you will be replacing the safehtml.xml in the JAR
    4. Restart the application server and confirm if the solution worked.
    5. Document this customization so you can repeat this procedure whenever you upgrade Appian
  • Thanks Eduardo. I actually was not saving the file in the .jar file, but creating the folder structure under classes > resources > appian > security > antisamy - and saving safehtml.xml in there. Modifying the safehtml file in the jar file, then restarting JBOSS did the trick - appreciate the help!
  • Eduardo, so we've implemented this across our non-prod environments successfully. However, this has stopped working for one of our environments. The error I get is the generic error:

    Caused by: com.appiancorp.suiteapi.common.exceptions.AppianException: file:\\\\emile\\data\\CPSCPRIV\\PDFDOCS\\PSAs\\2006/0003d06.pdf is not a permitted URI under the configured security rules and cannot be cast to safeUri. (APNX-1-4198-012)
    03:17:15,570 INFO [stdout] (ajp-/172.16.19.61:8010-1) at com.appiancorp.process.expression.ExpressionRuntimeException$AppianExceptionWithRootCauseProvider.<init>(ExpressionRuntimeException.java:104)

    Any ideas on what could be reverting this change? I know this worked earlier today, and I've checked the safehtml.xml in security jar, and the additions are identical to the others in the other environments (i.e. which are working fine).
  • 1. Can you run a search for safehtml.xml to make sure that file is not placed anywhere else by mistake?

    2. Try restarting the application server

    3. Double check the URL is being built in the same way as in the other environments (e.g. same number of //)
  • 4. Make sure the JAR updated in this environment is under runtime_ear if using this directory instead. It could have been overridden by the build
  • We have a nightly reboot, that I think may be somewhat related, as STAGE was rebooted last night just before it started breaking on STAGE. However, the form is now breaking across all our environments. I checked the safehtml.xml file under runtime_ear, and it's retained my changes. I'm at a loss at this point - any other ideas? The safehtml.xml is only placed in the appian-security.jar under runtime_ear. The URLs were working yesterday, but no longer are this morning. Any other thoughts? Thanks again!
  • 1. Try doing a manual restart of the application server to see if it is indeed related to the restart.
    2. Can you try copying the appian-security.jar (the updated one) to "ear" too, and restart the application server to see if that makes any difference?
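
The checks suggested in the replies (search for stray copies of safehtml.xml, and compare the appian-security.jar under runtime_ear with the one under "ear") can be scripted. This is an added example, not code from the thread or from Appian: it lists every safehtml.xml found loose or inside an archive, with its SHA-256 and the regexp names it defines. The function names are hypothetical and the tree built in audit_sample() is constructed sample data.

```python
import hashlib, io, re, tempfile, zipfile
from pathlib import Path

POLICY, ARCHIVES = "safehtml.xml", (".jar", ".ear", ".war", ".zip")
REGEXP_NAME = re.compile(rb'<regexp\s+name="([^"]+)"')

def _record(location, data):
    names = sorted(n.decode() for n in REGEXP_NAME.findall(data))  # rules this copy defines
    return {"location": location, "sha256": hashlib.sha256(data).hexdigest(), "regexps": names}

def _scan_archive(label, fileobj, found):
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name.rsplit("/", 1)[-1] == POLICY:
                    found.append(_record(f"{label}!{name}", zf.read(name)))
                elif name.lower().endswith(ARCHIVES):  # archive packed inside an archive
                    _scan_archive(f"{label}!{name}", io.BytesIO(zf.read(name)), found)
    except zipfile.BadZipFile:
        pass  # wrong extension or truncated file: nothing to read

def find_policies(root):
    """Return one record per safehtml.xml under root, loose or inside an archive."""
    found = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.name == POLICY and path.is_file():
            found.append(_record(rel, path.read_bytes()))
        elif path.suffix.lower() in ARCHIVES and path.is_file():
            _scan_archive(rel, path, found)
    return found

def audit_sample():
    """Build a constructed install tree (not real Appian files) and audit it."""
    stock = b'<anti-samy-rules><regexp name="offsiteURL" value="x"/></anti-samy-rules>'
    edited = stock.replace(b"</anti", b'<regexp name="fileURL" value="\\s*file:.*"/></anti')
    inner = "resources/appian/security/antisamy/" + POLICY
    with tempfile.TemporaryDirectory() as root:
        for top, body in (("runtime_ear", edited), ("ear", stock)):
            lib = Path(root, top, "suite.ear", "lib")
            lib.mkdir(parents=True)
            with zipfile.ZipFile(lib / "appian-security.jar", "w") as zf:
                zf.writestr(inner, body)
        loose = Path(root, "runtime_ear", "classes", inner)  # stray copy outside the JAR
        loose.parent.mkdir(parents=True)
        loose.write_bytes(stock)
        return find_policies(root)

if __name__ == "__main__":
    print(*audit_sample(), sep="\n")
```

Running find_policies() on the install directory of each environment and comparing the output shows whether an extra copy exists and whether every copy carries the same rules.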