The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Unicode characters not displaying in knowledge articles

Go to solution
Brad Warman
Giga Sage

‎03-25-2020 07:03 PM

Hi all,

We recently enabled embedding of videos in knowledge articles by adding html_sanitize=false to the article body attributes. Since this, we've lost the ability to copy/paste unicode characters such as 🗗 into the article body or the text field of a URL. The unicode character displays in the editor until it is saved or submitted for publishing and then it is displayed as ????. Any ideas on how to get around this?

Many thanks,

Brad

Labels:
0 Helpfuls
  • 2,318 Views
1 ACCEPTED SOLUTION

Go to solution
Kieran Anson
Kilo Patron

‎04-14-2020 12:43 PM

Hey Brad,

If you only turned off the HTML sanitiser for the ability to embed videos, may I recommend you do the following instead?

1. Remove the html_sanitize=false attribute

2. Edit the Script Include "HTMLSanitizerConfig" > https://<yourinstance>.service-now.com/nav_to.do?uri=sys_script_include.do?sys_id=f672f983c312010016194ffe5bba8f5c

3. Edit the script include to allow the required attributes as highlighted below. This will fix your unicode issue, allow videos to be embedded and also add a bit of security back to your environment.

find_real_file.png

 

var HTMLSanitizerConfig = Class.create();
HTMLSanitizerConfig.prototype = {
	initialize: function() {
	},
	
	HTML_WHITELIST : {
		globalAttributes: {
			attribute:[],
			attributeValuePattern:{}
		},
		embed:{attribute:["src","type","allowfullscreen","allowscriptacces","plugnspage","width","height"]},
		object:{attribute:["classid","codebase","width","height"]},
		param:{attribute:["name","value"]},
		video:{attribute:["src","controls","width","height"]},
		
	},
	
	HTML_BLACKLIST : {
		globalAttributes: {},
	},
	
	getWhiteList : function() {
		return this.HTML_WHITELIST;
	},
	
	getBlackList : function() {
		return this.HTML_BLACKLIST;
	},
	
	type: 'HTMLSanitizerConfig'
};

View solution in original post

Preview file
38 KB
0 Helpfuls
4 REPLIES 4

Go to solution
Kieran Anson
Kilo Patron

‎04-14-2020 12:43 PM

Hey Brad,

If you only turned off the HTML sanitiser for the ability to embed videos, may I recommend you do the following instead?

1. Remove the html_sanitize=false attribute

2. Edit the Script Include "HTMLSanitizerConfig" > https://<yourinstance>.service-now.com/nav_to.do?uri=sys_script_include.do?sys_id=f672f983c312010016194ffe5bba8f5c

3. Edit the script include to allow the required attributes as highlighted below. This will fix your unicode issue, allow videos to be embedded and also add a bit of security back to your environment.

find_real_file.png

 

var HTMLSanitizerConfig = Class.create();
HTMLSanitizerConfig.prototype = {
	initialize: function() {
	},
	
	HTML_WHITELIST : {
		globalAttributes: {
			attribute:[],
			attributeValuePattern:{}
		},
		embed:{attribute:["src","type","allowfullscreen","allowscriptacces","plugnspage","width","height"]},
		object:{attribute:["classid","codebase","width","height"]},
		param:{attribute:["name","value"]},
		video:{attribute:["src","controls","width","height"]},
		
	},
	
	HTML_BLACKLIST : {
		globalAttributes: {},
	},
	
	getWhiteList : function() {
		return this.HTML_WHITELIST;
	},
	
	getBlackList : function() {
		return this.HTML_BLACKLIST;
	},
	
	type: 'HTMLSanitizerConfig'
};
Preview file
38 KB
0 Helpfuls

Go to solution
Kieran Anson
Kilo Patron
In response to Kieran Anson

‎05-18-2020 08:53 AM

Hi, Checking in on whether my reply resolved your issue? If so please Mark Correct and /or 👍 Helpful if you find my response worthy based on the impact.
By doing so you help other community members find resolved questions which may relate to an issue they're having.

0 Helpfuls

Go to solution
Brad Warman
Giga Sage

‎04-19-2020 09:35 PM

Thanks Kieran,

I managed to get it working in the interim by explicitly adding 'encode_utf8=true' to the attributes for the dictionary entry. 

I'm going through a bit of a security audit at the moment, so will try your solution to make the article body field a bit more secure. 

Cheers,

Brad

0 Helpfuls

Go to solution
Matt Hernandez
Tera Guru

‎08-16-2021 08:24 PM

Fyi for anyone who reaches here and is unable to save change to the recommended script include....

In our Paris instance, no matter the syntax, we were unable to save any change to the script include, "global.HTMLSanitizerConfig". Even if you just open it and add the missing semicolon at the end of file, your save will be rejected.

It would always abort save with errors:

"Invalid Update",
"Failed to create HTML Sanitization Policy"

I created a HI support ticket and they told me the issue is PRB1502417, and they said they cannot reproduce it on an OOTB instance. Therefore they advised me to circumvent the validation:

a. Disable the business rule, "HTMLSanitizerConfigValidation".

b. Save my change to the script include.

c. Reactivate the business rule.

So, your-mileage-may-vary, but this is what we were told.

0 Helpfuls