2354028 - Validation Error - The "eval()" expression is not allowed

SAP Knowledge Base Article - Public

2354028 - Validation Error - The "eval()" expression is not allowed

Symptom

In a number of circumstances the following error may trigger in LMS

eval error.png

Environment

SuccessFactors Learning Management System (LMS)

Resolution

By default the XSS filter prevents data such as "ItemEval (V)" because it contains the javascript trigger "eval()"; the use of which is considered dangerous in general.

SF would recommend you change the related data so as not to include the 'eval()' combination to avoid any possible javascript security vulnerability.

Or if you have to keep the ids like that, you could disable the below xss rule from the Configuration > System Configuration > WEB_SECURITY > set secRules.eval.enabled=false

This would not be the SF recommended choice but it is an option.

Keywords

XSS filter; Validation error; eval(); javascript trigger; secRules.eval.enabled; , KBA , LOD-SF-LMS , SuccessFactors Learning , How To

Product

SAP SuccessFactors Learning all versions