Allow Custom HTML and JavaScript and Email Domains

You can:

• Enable or disable custom HTML and JavaScript content

• Starting in Strategy One (September 2025), which email domains are allowed for email subscriptions

The ability to view or edit certain settings is determined by a user's privileges. All necessary privileges are included in the Administrator role by default. You must belong to the System Administrators group to use this feature.

Specify Allowed Email Domains for Email Subscriptions

Specify a list of allowed email domains, like a whitelist, for email subscriptions. You can set this at the project, folder, and object level.

If the subscription contains a single piece of content, the email is sent if recipient's domain is allowed at any level (project, folder, or object).

If the subscription contains multiple pieces of content, each piece is resolved separately.

• If some pieces are allowed and others are blocked, the email includes only the permitted content. Each blocked piece displays as an error message in the email body.

• If all pieces are blocked, the email is not sent. A failed email notification is sent to the Administrator.

For example, the Administrator creates a subscription in Workstation that contains a dashboard as an attachment.

• At the project level, @Company1.com is allowed as an email domain.

• At the folder level, @Company2.com is allowed.

• At the object level, @Company3.com is allowed.

The subscription is sent to the following users:

• Al@Company1.com

• Betty@Company2.com

• Charlie@Company3.com

• Della@Company4.com

Della does not receive the subscription because their email address is not in the allowed domain list.

Specify Security Settings for an Object

1. Open the Workstation window.
2. Find the object to update.
   • You can Browse and Search for Schema Objects. Schema objects include attributes, filters, metrics, prompts, and so on.
   • For a project object such as a report or dashboard, View and Access Objects within Projects.
3. Right-click the object and choose Properties.
4. In the left pane, click Security Settings.

   

5. Starting in MicroStrategy ONE (March 2024), all custom Web content is disabled by default to ensure a secure platform configuration. For details, see Disallow Custom HTML and JavaScript in Dashboards, Documents, Reports, and Agents.

   1. Before enabling it, you should inspect the content. Click Inspect to display any HTML and JavaScript content in the object. You can enable or disable each piece of content separately. Strategy recommends disabling custom HTML and JavaScript within HTML containers and grids.

   2. To enable it for the entire object, return to the Properties dialog box and Enable HTML and JavaScript Content.

   Specify Allowed Email Domains

6. To add an email domain, click Add Domain. In the new row that displays, type the email domain, such as @strategy.com.

7. To edit an existing domain, double-click it and make your changes.

8. To delete an existing domain, right-click it and select Delete. On the pop-up notification, click Delete.

9. To delete multiple domains at the same time, select their check boxes, right-click them, and select Delete. On the pop-up notification, click Delete

10. To import a CSV file of allowed domains, click Import. Navigate to the file and double-click it.

11. To export a CSV file of the domain whitelist, click Export. Navigate to the folder to save the file in. By default, the file is named allowed-email-domains.csv, although you can change it. Click Save.

12. Click OK to save your changes and close the Properties dialog box.