MicroStrategy ONE

How to Control the Use of HTML and JavaScript in Web

Report and object designers can use HTML tags to define metrics, prompts, descriptions, and more. You can control whether this HTML is displayed in the following locations in MicroStrategy Web:

  • Project descriptions in the project page

  • Object description when displayed in the folder page

  • Prompt instructions

  • Metric values

  • Print header and footer

  • Exported text in plain text or CSV formats

To avoid the execution of unintended JavaScript when a user clicks a hyperlink within a Report Services document:

  1. Access the MicroStrategy Web Administrator page.

  2. From the pane on the left, select Security. The Security page opens.

  3. In the User Input Filtering area, determine if HTML (including scripts) can be used in any of the following:

    • Project description and project header: Determine if any HTML included in either the project description on the project page or the project header is displayed. For example, a developer may want to display a hyperlink within the description of the project. HTML must be enabled for such hyperlinks to be displayed.

    • Object description: Determine if any HTML included in object descriptions and threshold definitions is displayed. If this setting is enabled, users browsing folders can see any hyperlinks in object definitions and descriptions.

    • Prompt titles and descriptions: Determine if any HTML included in the title or description of a prompt is displayed. For example, a prompt designer may have included a hyperlink within a prompt's description. HTML must be enabled in the prompt text for such hyperlinks to be displayed.

    • Metric values: Determine if any HTML included in metric values is displayed. For example, a metric designer may have included thresholds that open a website when analysts click them. HTML must be enabled in the metric values for such hyperlinks to be displayed.

    • Print header and footer: Determine if HTML can be used in the print header and footer of a report or document. A designer may have included images in the header and footer layout of a report or document. HTML must be enabled in the print header and footer for such images and HTML to be displayed. This setting only applies to HTML printing, and does not apply if PDF printing is enabled. To disable PDF printing, clear the Use PDF for printing reports checkbox on the General project defaults page.

    • Exported text in plain text or CSV formats: Determine if HTML is included when a user exports a report to plain text or CSV. The inclusion of HTML in plain text files can cause some browsers to execute the text file as if it were a script. When this checkbox is selected, SCRIPT tags are encoded so browsers do not execute text files that are not meant to be executed as scripts.

    • Graph tooltips: Determine if any HTML formatting included in graph tooltips is displayed. For example, a designer may have included HTML line breaks or bold formatting in the tooltip for series values in a graph. HTML must be enabled for graph tooltips for such formatting to be displayed properly.

  4. To ensure that JavaScript in Report Services document hyperlinks is not executed, clear the Allow checkbox.

    • When this checkbox is cleared, JavaScript is not executed when a user clicks a hyperlink in a document.

    • When this checkbox is selected and a user clicks a hyperlink within a document, any included JavaScript is executed. For example, a document designer may create a text field and enable the Is Hyperlink property for the text field. In the Hyperlink field, they type "javascript:alert('click me!');". By default, the JavaScript will be executed if a user clicks on that text field in Express Mode.

  5. Click Save.
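
The audit below is an added example, not MicroStrategy code: it classifies Hyperlink field values by URL scheme, so an administrator can see which text fields depend on javascript: links before clearing the Allow checkbox in step 4. The field names, sample values, base URL, and allowed-scheme list are constructed assumptions, and collecting the values from documents is left to the reader.

```javascript
// Schemes treated as ordinary navigation (assumption; adjust to local policy).
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
// Placeholder base so relative links resolve; not a real server address.
const BASE = "https://web.example.invalid/app/";

// Classify one Hyperlink field value. The WHATWG URL parser normalizes the
// value the way a browser does (case, surrounding whitespace), so the scheme
// checked here is the scheme the browser would act on.
function classifyHyperlink(value) {
  let url;
  try {
    url = new URL(value, BASE);
  } catch {
    return { value, scheme: null, verdict: "unparseable" };
  }
  const scheme = url.protocol;
  let verdict = "review";                       // unknown scheme: needs a human
  if (scheme === "javascript:") verdict = "script";
  else if (ALLOWED_SCHEMES.has(scheme)) verdict = "allowed";
  return { value, scheme, verdict };
}

// Return every field whose hyperlink is not plain navigation.
function auditHyperlinks(fields) {
  return fields
    .map((f) => ({ field: f.name, ...classifyHyperlink(f.hyperlink) }))
    .filter((r) => r.verdict !== "allowed");
}

// Constructed sample input: text fields with the Is Hyperlink property enabled.
const SAMPLE_FIELDS = [
  { name: "txtClickMe", hyperlink: "javascript:alert('click me!');" }, // from the page
  { name: "txtMixedCase", hyperlink: "  JavaScript:alert('click me!');" },
  { name: "txtIntranet", hyperlink: "https://intranet.example.invalid/kpi" },
  { name: "txtRelative", hyperlink: "reports/sales.html" },
  { name: "txtInline", hyperlink: "data:text/html,hello" },
];

for (const finding of auditHyperlinks(SAMPLE_FIELDS)) {
  console.log(`${finding.field}: ${finding.verdict} (${finding.scheme})`);
}
```

Fields reported as "script" stop working as designed once the checkbox is cleared; fields reported as "review" use a scheme outside the allowlist and need a manual decision.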