EducationSoftwareStrategy.com
StrategyCommunity

Knowledge Base

Product

Community

Knowledge Base

TopicsBrowse ArticlesDeveloper Zone

Product

Download SoftwareProduct DocumentationSecurity Hub

Education

Tutorial VideosSolution GalleryEducation courses

Community

GuidelinesGrandmastersEvents
x_social-icon_white.svglinkedin_social-icon_white.svg
Strategy logoCommunity

© Strategy Inc. All Rights Reserved.

LegalTerms of UsePrivacy Policy
  1. Home
  3. Topics

HTML tag used to change font color of prompt instructions does not apply in MicroStrategy Web 2019.

Shane Winslow

Cloud Support Expert I • MicroStrategy

This Knowledge Base Article outlines a change where an HTML tag no longer applies to prompt instructions in MicroStrategy 2019. A workaround is provided to achieve the desired formatting.

SYMPTOM:
In Strategy Web, users can use HTML tags to achieve the desired look and feel for certain objects. In Strategy Web 2019, the below HTML tag used to change the font color of prompt instructions does not apply. Instead, the font remains black as seen below.
 


<br><font color="red">*There is a limit on how many records are displayed in the report result. Please limit the date range to see all results in the reports.</font>.

ka044000000kU98AAE_0EM44000000ggbP.png

In previous versions of Strategy Web, the same HTML tag changed the font color to red as expected and seen below.

ka044000000kU98AAE_0EM44000000ggbZ.png

STEPS TO REPRODUCE:

  1. In Strategy Web 2019, create a report with Day and Cost.
  2. In the Report Objects, right-click on Day and choose Add Element Prompt to Filter.
  3. In the Report Filter, click on Element selection of Day.
  4. On the General tab, add the following HTML tag to the Instruction textbox:


<br><font color="red">*There is a limit on how many records are displayed in the report result. Please limit the date range to see all results in the reports.</font>.

ka044000000kU98AAE_0EM44000000ggbt.png
  1. Click OK.
  2. Save the report.
  3. On the Web Admin page, make sure the setting Allow HTML Output in: Prompt titles and descriptions is enabled under Security > User Input Filtering.
ka044000000kU98AAE_0EM44000000ggbo.png
  1. Execute the report in Web. Notice the color for the added text appears in black.

CAUSE:
A change was made in Strategy 11 where Strategy will use OWASP-Java-Html-Sanitizer to smart encode instead of not encoding at all when the setting 'Allow HTML Output' is enabled. This change was introduced as an important security measure to tighten Strategy’s security standards
 
ACTION:
Currently this issue is being reviewed by Strategy for a potential code fix on an upcoming Strategy release.
 
WORKAROUND:
Use the below HTML tag to achieve the desired formatting of changing the font color to red.
 


<div style="color:red;">*There is a limit on how many records are displayed in the report result. Please limit the date range to see all results in the reports.</div>

The Strategy Internal Reference Number for this issue is: KB483029

Comment

0 comments

Details

Knowledge Article

Published:

March 26, 2019

Last Updated:

March 26, 2019