Incorrect behavior when inserting text containing the "<script>" tag in the activity log

book

Article ID: 106097

calendar_today

Updated On:

Products

CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

When inserting an activity in the ticket, such as an update status, log comment, solution, etc, if in User Description field of the activity is typed a text containing the HTML tags <script> </script>, the CA Service Desk Manager (SDM) does not translate it correctly, and the list of activities in the ticket Activity Log tab is not displayed properly anymore, hence cannot be read.

Ex.:

<Please see attached file for image>

Image01

<Please see attached file for image>

Image02
 

Cause

The issue is related to the "keeptags=yes" parameter at the "list_alg.htmpl" form. Somehow the webengine is not handling the html <script> </script> tags properly, showing unexpected content under Activity Log tab.

Environment

CA Service Desk Manager 17.0
CA Service Desk Manager 17.1

Resolution

Change below line at the "list_alg.htmpl" form

from: 

<PDM_MACRO name=lsCol hdr="Descrição" attr=description escape=JS2 export=no 
fmtfunc=UnEscapeDesc keeptags=yes max_char=140 sort=no> 

to: 

<PDM_MACRO name=lsCol hdr="Descrição" attr=description escape=JS2 export=no 
fmtfunc=UnEscapeDesc keeptags=no max_char=140 sort=no> 

After this modification, it is expected to be able to see the list of ticket activities under Activity Log again:

<Please see attached file for image>

Image 03

Additional Information

Note:
It is recommended to use the Web Screen Painter (WSP) tool for modifications of form files; check related articles to publish schema changes using WSP:
How does web screen painter work? What files are modified while previewing, editing and publishing a form?
How to Perform Schema Changes using Web Screen Painter on Advanced Availability Configuration
This behavior was identified only at CA SDM 17.0 and 17.1 releases; it works on 17.1.0.1 (Rollup 01);
It works at previous SDM 14.1 CP4 and 14.1 CP5 releases.

Attachments

1558699598639000106097_sktwi1f5rjvs16jsf.png get_app
1558699596475000106097_sktwi1f5rjvs16jse.png get_app
1558699594496000106097_sktwi1f5rjvs16jsd.png get_app