To provide a more secure experience, Cornerstone has made changes to several curricula administration fields to prevent XSS (cross-site scripting) security vulnerabilities. These updates include the following:
- HTML text will be encoded in fields that do not support HTML
The following curricula administration field is impacted only by the HTML encoding update:
- Curriculum title
The following curricula administration fields are impacted by both the HTML encoding update AND the field validation update:
- Section title
- Section instructions
- Note title
- Note instructions
- In affected fields that do not allow HTML, any tags that are entered will display as HTML code rather than being rendered by the browser.
This functionality is turned on by default for all portals using the Learning module. Note: Customers who have the backend setting enabled to bypass Cross Site Scripting (XSS) security measures are unaffected by this enhancement.
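What the HTML encoding update means for a value entered in one of the fields listed above, shown as an added example that is not Cornerstone's code. The function names and the sample title are assumptions, and the field validation update is not modelled.

```javascript
// Added example, not Cornerstone code. Field names come from the lists above;
// function names and sample values are assumptions made for illustration.

// Fields the page says do not support HTML and are now HTML-encoded.
const ENCODED_FIELDS = new Set([
  "Curriculum title",
  "Section title",
  "Section instructions",
  "Note title",
  "Note instructions",
]);

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that are significant in HTML text and quoted
// attribute contexts. One pass, so "&" is never encoded twice by accident.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Return the markup to emit for a field value. Fails closed: a field with
// no known rendering policy is rejected instead of being emitted raw.
function renderField(fieldName, value) {
  if (!ENCODED_FIELDS.has(fieldName)) {
    throw new Error("no rendering policy for field: " + fieldName);
  }
  return encodeHtml(value);
}

// Regression check for rendered output: after encoding, no raw markup or
// quote characters from the stored value may remain.
function hasRawMarkup(rendered) {
  return /[<>"']/.test(rendered);
}

// Constructed sample input: a curriculum title containing tags.
const sampleTitle = '<b>Safety 101</b> <script>alert(1)</script>';
const renderedTitle = renderField("Curriculum title", sampleTitle);
console.log(renderedTitle); // the browser shows the tags as text
```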
The following existing permission applies to this functionality:
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |