How to Avoid “Unsafe” Prefix on Links

io_image-v2

If you’ve ever tried creating a dynamic link with a non-standard protocol or prefix (e.g. file, sms, tel, ftp, local) in Service Portal, you may have noticed that it prepends the url with “unsafe” rendering it unusable.

The sanitization is a security measure aimed at preventing XSS attacks via html links and is coming from Angular.js which maintains a whitelist of safe urls.

To fix this you will need to override the default whitelist by passing in a regular expression to the application configuration. You can do this by creating a “js_include” in your portal theme and include the following script:

Where you see https?|ftp|mailto, etc… that is the regular expression you will want to update to include your url prefixes.

Leave a Reply

Your email address will not be published. Required fields are marked *