Error on some wiki pages when trying to save new content with varying users: /home/Support/LabKey Support Forum

Error on some wiki pages when trying to save new content with varying users

LabKey Support Forum

View Message

Error on some wiki pages when trying to save new content with varying users

max diesner

2020-05-25 07:38

Status: Active

Hi,

i am a fairly new user to the Labkey enviroment. I have setup a community edition version 20.3. (updated from 19.3.) and everything works when i am editing and uploading files through my main admit account. However, when my colleagues want to edit certain wiki pages we get the following error:

Unable to save changes due to the following validation errors:
Illegal attribute 'onclick' on element <a>.

this happens when we use the "advanced editor"

When we edit the wiki page via the normal editor we just get the message "Error saving wiki".

What is interesting is that this error only pops up at certein wiki pages and not at all. When a user is given rights as "site administrator" the user can edit the page and save it. However as soon as these rights are removed and the user only has the "normal Fodler administrator" rights the problem occurs again. the user can however setup new pages without a problem. The problem only appears at some wiki pages that have been created by my account, the "Site administrator" account.

I know that is has something to do with the rights managment or with the creation of these certain pages but i am lacking the knowledge on how to check where the error comes from.

Looking forward to here from you guys, you are doing an awesome job!

P.S.: The Server is runing on a virtual server, win server 2019 with 8 gig ram. Server version is 20.3. with an updated java 14.0.1+7, tomcat 9.0.26.

chetc (LabKey Support) responded:	2020-06-07 17:23
Hello, Welcome to the LabKey Environment! If your Wiki is just plain HTML then the "Project Admin"/"Editor" role would be sufficient. But if it includes some JavaScript, the users will need to be a part of the "Developers"/"Site Admin" group. If you do not want to have the other users as "Site Admins" then "Developers" should allow them to successfully edit the wiki. https://www.labkey.org/Documentation/wiki-page.view?name=devRoles#platformDeveloper Configuration of your virtual environment looks good. Thanks, Chet

max diesner responded:	2020-06-10 02:55
Status: Closed
As your second post is not visible here is the answer that i got: Hello, Welcome to the LabKey Environment! A user shouldn't have to be a "Site Admin" in order to edit a wiki page, could you try giving the users editor rights to the project in question. I am a bit confused by the error you got (below). This usually means that there is an issue with the HTML in that wiki, and doesn't really have to do with permissions. Also what did you mean by normal editor/advanced editor, could you send a screenshot of the editors you are looking at? Illegal attribute 'onclick' on element <a>. Configuration of your virtual environment looks good. Thanks, Chet

max diesner responded:	2020-06-10 02:56
Status: Active
I figured it out, the problem was indeed in the html. The problem arises when you want to have a java popup of a certain link. So as an folder administrator I insert a link via the “advanced editor” and directly add a java popup of the link . The resulting html code looks like this: <a onclick="window.open('http://example);return false;" href="http://example">example</a></span></td> I can save it and the code is executed. When I now change to a user with editor rights, I can open up the editor but as soon as I change some of the information on the page and want to change it I get the error: Unable to save changes due to the following validation errors: • Illegal attribute 'onclick' on element <a>. When I remove the javascript popup via code or the advanced editor the error does not appear and I can save and edit the wikipage with that non-administrator user. In order to circumvent this I can just use rel="noopener noreferrer" target="_blank" in order to send the link to a new tab without the javascript popup. What I think is still interesting that as an full site administrator it is possible to implement the <a onclick> while as an “folder administrator” or “editor” this line of code results in a validation error. Thank again for the help, you are awesome as usuall! Greetings from Germany, Max

chetc (LabKey Support) responded:	2020-06-30 16:57
Status: Closed
Hello Max, It's great to hear that you were able to get it working! Could you trying adding the user you are testing with to the developers group? I apologize that I failed to mention this earlier. But whenever you are trying to add JS to a wiki page the user making the change needs to be a part of either the "Site Admins" or "Developers" group. Thanks, Chet