The CreatorCon Call for Content is officially open! Get started here.

IS it possible to append onclick javascript funtion in HTML source code?

Go to solution
dvelloriy
Kilo Sage

‎09-21-2018 01:16 PM

Hi Community,

IS it possible to append onclick javascript funtion in HTML source code?

I am trying to append below code to my HTML source code field in knowledge base. But when i update it, it just strips it off. Is it not supported. Any suggestions to fix it>?

Trying to insert this code:

<div class=""SH_Toggle"" onclick=""document.getElementById('Brain_TR').classList.toggle('highlight_row');document.getElementById('Brain_Details_TR').classList.toggle('hide');document.getElementById('Brain_Details_TR').classList.toggle('active_details_row');"">
(More Information: <span style=""color:blue;"">Show/Hide&nbsp;⇵</span>)</div>

However when i update the page, it just strips it off to this code:

<div class=""SH_Toggle"">(More Information: <span style=""color: blue;"">Show/Hide&nbsp;⇵</span>)</div>
</div>

 

Any help on this would be appreciated..

Thanks.

 

Labels:
0 Helpfuls
  • 1,892 Views
1 ACCEPTED SOLUTION

Go to solution
dvelloriy
Kilo Sage

‎09-24-2018 02:13 PM

Issue is resolved.

Added this the attribute

tinymce_allow_all=true

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
Paul Curwen
Giga Sage

‎09-21-2018 01:28 PM

Hi dvelloriy,

The issue that you are seeing is likely down the the HTML Sanitizer setting see: 

https://docs.servicenow.com/bundle/istanbul-platform-administration/page/administer/security/concept...

Thankfully you can either turn this off for a field (not really recommended due to potential security issues) but can be done: 

https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/security/task/t_E...

or you can whilelist elements you want to use (much safer but more work) add them to the the HTMLSanitizerConfig script include under the whitelist attributes.

https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/security/task/t_C...

Hope that solves your issue.

Regards,

Paul.

***If Correct/Helpful please take time mark as Correct/Helpful. It is much appreciated.***

Regards

Paul

Go to solution
dvelloriy
Kilo Sage

‎09-24-2018 07:00 AM

Hi Paul,

Thanks, this is helpful.

The HTML field in question is a translated HTML field. I do not see any property glide.html.sanitize_all_fields or glide.translated_html.sanitize_all_fields in my system properties list.. Do i need to add manually?

Also, Looking at my code, can you let me know which html element i need to whitelist in my script include to make it work?

Thanks.

 

0 Helpfuls

Go to solution
dvelloriy
Kilo Sage

‎09-24-2018 01:14 PM

I dont think its HTML sanitizer issue. Created 2 system properties

glide.html.sanitize_all_fields = false

glide.translated_html.sanitize_all_fields = false.

Issue is still there.

Can anyone help here?

0 Helpfuls

Go to solution
dvelloriy
Kilo Sage

‎09-24-2018 02:13 PM

Issue is resolved.

Added this the attribute

tinymce_allow_all=true

0 Helpfuls