Jun 29 2014

Embed HTML, Javascript codes into Interactive Applications

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

From the recent releases from Oracle (9.0 and up), it has been a little difficult to embed HTML pages and/or Javascript code into Interactive applications, e.g. to Open some URL on close/load, Print the page, or just to show content from some external URL/Feed etc.

It just gives the error – A Script Injection has been detected. A malacious tag was detected as an input from the client. Your session will be disabled

HTML Script Injection error

Malicious Script Injection Error

There is a simple way around – in the Security Workbench – Text Block Control security by setting the Application Encoding option to “No”. (Thanks to Dave Harrison – http://goo.gl/r9tkI7)

But would you set this up at your site? Would’nt it create extensive damage to your system viz, someone creates data (js code) with some malicious intent, and saves it. Next time when someone views it, the .js gets executed, and you are in soup??
Would like to hear your views / Other options!

Published under the license.

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)
Embed HTML, Javascript codes into Interactive Applications, 5.0 out of 5 based on 2 ratings
(Visited 605 times, 1 visits today)

About the author

Deepesh M Divakaran

Deepesh MD is more of a Gizmo Geek, and a techie.
A very experienced Technical Consultant on Oracle JD Edwards EnterpriseOne, and OneWorld. As a consultant he has worked for wide range of industries, from Manufacturing, Media, Oil & gas etc. and has worked on re-engineering modules, and areas of customization.
With a touch of class and understanding towards what ever he does, he is often regarded by his colleagues as the one stop answer for all Technical/Software related queries.

Leave a Reply