08 Feb 2021

Enable users to bypass XSS protection and add custom JavaScript to a site

HighQ provides several options to allow or stop your users from adding scripts to the site. The HighQ support team can switch off access for all users, which completely stops any user from adding scripts to the site. Please contact them for more information on this.

As of 5.4.8, we have introduced an option that lets system administrators give specific users permission to add custom JavaScript to a site, rather than giving full access to all users.

Please note that for these permissions to take effect, you need to contact HighQ support and have the restriction turned on for the entire instance to prevent any user from adding custom JavaScript. Once it is enabled, you can then specify which users you want to bypass this protection.

Also note that users without permission to bypass XSS protection cannot edit any part of a page that contains JavaScript, even if the JavaScript is in a different panel, because they cannot save a page that contains a script.

Allowing a user to bypass XSS protection

To enable a user to bypass the XSS protection, navigate to your profile drop-down menu and click System admin.

The System admin screen is displayed. Within the System admin screen, navigate to User admin in the left-hand panel.

The User administration page is displayed. Within the User administration page, search for the user you want to give this permission to, select the check box next to their name and click Roles.

The Roles screen will be displayed.

In the Roles screen, select the Allow user to bypass XSS protection check box and click Save. The selected user will now have permission to add custom JavaScript to a site.

If a page contains JavaScript, a user must have permission to bypass XSS protection in Roles to edit and save the page.

Searching for users who have permission to bypass XSS protection

We have also introduced a search field to enable you to search for and list all users who have permission to bypass the XSS protection. 

After navigating to the User administration screen, as described above, you will see a new search check box called Users granted bypass of XSS protection.

Select this check box and click Search. A list of all users within the instance that have this new permission will be displayed.

This way you can easily search for and manage this permission for your users.
