Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Modify the subject of an email template - error: Access denied due to XSS

AJ23494
New Contributor II
New Contributor II

‎07/26/2022 01:16 AM - last edited on ‎07/26/2022 07:37 AM by Community Manager

Hi Team , 

I am trying to modify the subject of an email template . 

When i do this in the subject line of email template
<% if ((user?.customproperty1).startsWith('RX')) print "Workday Joiner ${user?.firstname} ${user?.lastname} Business Unit : ${user.customproperty1} Hire Date: ${user?.startdate} "%> <% if (!(user?.customproperty1).startsWith('RX')) print "RELX Identity Service: ${user?.customproperty15} AD account created for ${user?.firstname} ${user?.lastname}"%>

It is giving the below error , please suggest .

AJ23494_0-1658823289300.png

[This post has been edited by a Moderator to clarify the subject heading.]

0 Kudos
3 REPLIES 3

Nikitaj
Saviynt Employee
Saviynt Employee

‎07/26/2022 09:55 PM

Hi @AJ23494 

This is a known issue and because of few variables not exposed in the environment.

Please raise a support ticket as this needs more triaging on logs and variables. 

In the meantime you can check if there are unwanted characters in the email template using below: Managing Email Templates : Customer Portal (freshdesk.com)

 


Thanks
Nikita
0 Kudos

sahajranajee
Saviynt Employee
Saviynt Employee

‎07/27/2022 06:49 AM

Hi @AJ23494 ,

This error is a security check put in place to avoid SQL injection/XSS related attacks. Since your string is using '%> <' , it gets blocked.

You can raise a Saviynt Support ticket to get this added from the backend.


Regards,
Sahaj Ranajee
Sr. Product Specialist
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to sahajranajee

‎08/09/2022 04:22 AM

Injection seems only checked during update operation. When  you delete existing email template & recreate with same name it work as expected


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC