Saviynt Forums

adriencosson · ‎05/09/2023

Hello folks !

After enabling the Add / Edit KPI, I would like to create a new KPI on the HomePage to view the number of Analytics available to the loggedin user.

Configuration is as following :

When saving the KPI, it triggers a flow, I am getting an exception that indicates "Access Denied due to XSS" :

I got from support team that some characters were not allowed in JS, but could not get more details.

Any chance someone can help troubleshoot the below JS script :

() => {
  const [widgetdata, setWidgetData] = useState({});
  useEffect(() => {
    const endPoint =
      "/ECM/api/v5/fetchControlListES";
    fetch(endPoint, {
      method: "GETWITHBODY",
      headers: { "Content-type": "application/json", "X-NOLOADER": true },
      body: JSON.stringify({"loggedinuser":userName,"offset":"0","max":"1"}),
    }).then((d) =>
      d.json().then((data) => {
        setWidgetData(data);
      })
    );
  }, []);
  return (
    <a href="/ECM/analyticsHistoryES/analyticsSummary?flatHistoryConfig=1">
      <h6 className="status-Tile">
        {intl.formatMessage({ id: "Available Reports" })}
      </h6>
      <div className="status-Tile-Data">
        <h6 className="status-count">{widgetdata.totalCount}</h6>
      </div>
    </a>
  );
};

Regards,
Adrien COSSON

saikanumuri · ‎05/15/2023

Hi Adrien,

I am checking on this internally and will get back to you

adriencosson · ‎05/26/2023

Hello,

Unfortunately I could not pull out any log for this issue as it looks more of a front-end issue where some characters might need to be escaped.

Please advise and provide a working example. Also you can use the above JS script in order to replicate internally.

Regards,
Adrien COSSON

Darshanjain · ‎05/30/2023

Hi @adriencosson

Thanks, i am internally checking on this and will provide you an update soon.

Thanks

Darshan

nimitdave · ‎06/05/2023

With coming 23.6 release, the option to add a new Key Performance Indicator (KPI) from the Home page has been removed. You can only edit or delete an existing KPI. This change has been made to simplify the KPI management process.

In the Edit option only feature option is editable.

adriencosson · ‎06/06/2023

Hello @nimitdave,

Therefore, this feature that was in Beta mode for creating KPIs will be decommissioned.

Still for editing, I would need to understand why are we getting the "Access Denied due to XSS" exception above.

Regards,
Adrien COSSON

Darshanjain · ‎06/08/2023

Hi @adriencosson

from 23v html tags are not supported, so even in the kpi its effecting , we have a internal jira which needs to be allowed for these tags so that it will work.

For time being there is no way to create/update Kpi due to the XSS error.

Thanks

Darshan

adriencosson · ‎06/23/2023

Hello @Darshanjain ,

For your information, we got from support the list of prevented patterns for XSS.

As you might be able to see : the following pattern means "anything" (.*?) and therefore we simply cannto insert any "scope" data. If this one is getting removed then Create/Update KPI would have been possible.

I'm in touch with Support as well to get progress through FD ticket.

Regards,
Adrien COSSON

Saviynt Forums

Error when creating KPI and load it