We're exploring several options to display a document on an external link. One option is to modify safehtml.xml to allow displaying file links: < regexp name="fileURL" value="\\s*file:.*"/> I've tried modifying the xml on the webserver, restarted webserver.. and in runtime_ear.. and restarted JBOSS, but it seems either does not work. To test, I've deleted mailto in: FROM: <regexp name="offsiteURL" value="((\\s)*(s?(ht|f)tp(s?)://|mailto:)[\\p{L}\\p{N}]+[~\\p{L}\\p{N}._=$%&;\\-?/+#,!@:\$\$*[^\\\\u0000-\\\\u007f ]]*(\\s)*)"/>. TO: <regexp name="offsiteURL" value="((\\s)*(s?(ht|f)tp(s?)://)[\\p{L}\\p{N}]+[~\\p{L}\\p{N}._=$%&;\\-?/+#,!@:\$\$*[^\\\\u0000-\\\\u007f ]]*(\\s)*)"/> But modifying both locations still allows mailto: links to display on forms. Any suggestions on where I should be looking? FYI, a couple other options would entail not modifying this file. Still in the gathering data phase... Help appreciated!... OriginalPostID-117342 OriginalPostID-117342

We're exploring several options to display a document on an external link. O

peterk over 9 years ago

We're exploring several options to display a document on an external link. One option is to modify safehtml.xml to allow displaying file links: <
regexp name="fileURL" value="\\s*file:.*"/>

I've tried modifying the xml on the webserver, restarted webserver.. and in runtime_ear.. and restarted JBOSS, but it seems either does not work.

To test, I've deleted mailto in:
FROM: <regexp name="offsiteURL" value="((\\s)*(s?(ht|f)tp(s?)://|mailto:)[\\p{L}\\p{N}]+[~\\p{L}\\p{N}._=$%&;\\-?/+#,!@:\$\$*[^\\\\u0000-\\\\u007f ]]*(\\s)*)"/>.
TO: <regexp name="offsiteURL" value="((\\s)*(s?(ht|f)tp(s?)://)[\\p{L}\\p{N}]+[~\\p{L}\\p{N}._=$%&;\\-?/+#,!@:\$\$*[^\\\\u0000-\\\\u007f ]]*(\\s)*)"/>

But modifying both locations still allows mailto: links to display on forms. Any suggestions on where I should be looking?

FYI, a couple other options would entail not modifying this file. Still in the gathering data phase... Help appreciated!...

Discussion posts and replies are publicly visible

Parents

0 peterk over 9 years ago

Eduardo, so we've implemented this across our non-prod environments successfully. However, this has stopped working for one of our environments. The error I get is the generic error:

Caused by: com.appiancorp.suiteapi.common.exceptions.AppianException: file:\\\\emile\\data\\CPSCPRIV\\PDFDOCS\\PSAs\\2006/0003d06.pdf is not a permitted URI under the configured security rules and cannot be cast to safeUri. (APNX-1-4198-012)
03:17:15,570 INFO [stdout] (ajp-/172.16.19.61:8010-1) at com.appiancorp.process.expression.ExpressionRuntimeException$AppianExceptionWithRootCauseProvider.<init>(ExpressionRuntimeException.java:104)

Any ideas on what could be reverting this change? I know this worked earlier today, and I've checked the safehtml.xml in security jar, and the additions are identical to the others in the other environments (i.e. which are working fine).
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 peterk over 9 years ago

Eduardo, so we've implemented this across our non-prod environments successfully. However, this has stopped working for one of our environments. The error I get is the generic error:

Caused by: com.appiancorp.suiteapi.common.exceptions.AppianException: file:\\\\emile\\data\\CPSCPRIV\\PDFDOCS\\PSAs\\2006/0003d06.pdf is not a permitted URI under the configured security rules and cannot be cast to safeUri. (APNX-1-4198-012)
03:17:15,570 INFO [stdout] (ajp-/172.16.19.61:8010-1) at com.appiancorp.process.expression.ExpressionRuntimeException$AppianExceptionWithRootCauseProvider.<init>(ExpressionRuntimeException.java:104)

Any ideas on what could be reverting this change? I know this worked earlier today, and I've checked the safehtml.xml in security jar, and the additions are identical to the others in the other environments (i.e. which are working fine).
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data