AnsweredAssumed Answered

Help with "Overriding the Default CSS Character Set"

Question asked by confusedgreymatter on May 30, 2012
Latest reply on Jun 6, 2012 by Josh_Perlmutter
Well, I have followed the instructions in the Web Agent Configuration Guide (to the best of my abilities) in regards to trying to "Override the Default CSS Character Set", but I'm not having any success.

The situation: I have a URL that contains a single quote in it and that seems to be tripping the "Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags." cross site scripting error message.

I have followed the instructions as well as trying just about everything I know to do to eliminate the Siteminder WebAgent from seeing the single quote, but nothing seems to work.

I've tried:
- Setting the BadCSSChars parameter to "<,>" only (removing the single quote).
- Uncommenting the BadCSSChars parameter to make sure it is active.
- Setting the CSSChecking parameter to NO.
- Commenting out the CSSChecking parameter.
- Performing all of these changes above in the LocalConfig.conf in both the IIS folder and the config folder.
- Restarting the computer after each change.
- Performing some mystic chant I found on the web.

But nothing seems to work.

How do I tell the WebAgent NOT to trigger the cross site scripting error message if it sees the variables of a single quote and a "%27"?

Thanks for you all time and assistance!

Outcomes