Basic Troubleshooting - Cross-Site Scripting Errors

PowerSchool released 11.0.4.1 on January 19, 2018, and it included a new security feature. The feature checks data submitted through a form to fields in the database to see whether any HTML is being saved, and if so, it checks that HTML against a whitelist. More details and the actual whitelist can be found in KB Article 79956 on PowerSource. If the HTML isn't permitted, you'll see one of the following error messages:

Original Error

Cross-Site Scripting Error


Revised Error Message on PS 12


Below are descriptions of the two places where you may encounter the error if you're on PS 11.0.4.x or a later version:

Older Versions of sqlReports - You'll get the cross-site scripting error when you try to import a report on any version prior to sqlReports 5.4.0, so be sure you're using the latest download from the Downloads area of the site. The import functions of sqlFormLetters and Custom Links were also affected, and you'll want to be on the latest versions of them as well. All the latest releases can be found under the Downloads menu of this site.

HTML in a SQL query in a sqlReport - If you're on the very latest version of sqlReports and still get the error, the issue is with HTML in your SQL. If any of your reports use HTML in the SQL query to create links to other pages in PS, display images in the report, or change the background color of cells or text, you'll get the error when you try to import, edit, or run the report unless you modify the < that starts each link. For example, instead of select '<a href=/admin/.... use select chr(60)||'a href=/admin/.  See the Using HTML Coding in sqlReports article for more ways to modify the HTML.
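The following Python helper is an added example, not code from this site, sqlReports, or PowerSchool. It applies the chr(60) rewrite described above to every quoted string literal in a report query and lists the literals it changed so each can be reviewed. The table and column names and the PLACEHOLDER path are constructed, and it assumes only a < inside a quoted literal needs changing.

```python
import re

# One SQL string literal; '' inside the quotes is an escaped quote.
# Assumption: the query has no comments containing stray quote characters.
LITERAL = re.compile(r"'(?:[^']|'')*'")

def rewrite_literal(lit: str) -> str:
    """Rewrite one quoted literal so it no longer contains a literal '<'."""
    body = lit[1:-1]
    if "<" not in body:
        return lit
    pieces = []
    for i, part in enumerate(body.split("<")):
        if i > 0:
            pieces.append("chr(60)")        # stands in for the removed '<'
        if part:
            pieces.append("'" + part + "'")  # text between two '<' characters
    return "||".join(pieces)

def rewrite_sql(sql: str):
    """Return (new_sql, changed_literals) for one report query.

    Only text inside quoted literals is touched, so comparison operators
    such as < and <> elsewhere in the query are left alone.
    """
    changed = []

    def repl(match):
        old = match.group(0)
        new = rewrite_literal(old)
        if new != old:
            changed.append(old)
        return new

    return LITERAL.sub(repl, sql), changed

# Constructed sample query; my_students, its columns and the PLACEHOLDER
# path are hypothetical and stand in for a real report's SQL.
SAMPLE = ("select '<a href=/admin/PLACEHOLDER?id='||s.id||'>'||s.name||'</a>' "
          "from my_students s where s.name <> 'O''Brien'")

if __name__ == "__main__":
    new_sql, changed = rewrite_sql(SAMPLE)
    print(new_sql)
    for lit in changed:
        print("rewrote:", lit)
```

Review the rewritten query before saving it back into the report, since values selected from the database are still written into the report's HTML as-is.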

 

 
