Incorrect behavior when inserting text containing the "<script>" tag in the activity log

Document ID : KB000106097
Last Modified Date : 11/07/2018
Show Technical Document Details
When inserting an activity in the ticket, such as an update status, log comment, solution, etc, if in User Description field of the activity is typed a text containing the HTML tags <script> </script>, the CA Service Desk Manager (SDM) does not translate it correctly, and the list of activities in the ticket Activity Log tab is not displayed properly anymore, hence cannot be read.



CA Service Desk Manager 17.0
CA Service Desk Manager 17.1
The issue is related to the "keeptags=yes" parameter at the "list_alg.htmpl" form. Somehow the webengine is not handling the html <script> </script> tags properly, showing unexpected content under Activity Log tab.
Change below line at the "list_alg.htmpl" form


<PDM_MACRO name=lsCol hdr="Descrição" attr=description escape=JS2 export=no 
fmtfunc=UnEscapeDesc keeptags=yes max_char=140 sort=no> 


<PDM_MACRO name=lsCol hdr="Descrição" attr=description escape=JS2 export=no 
fmtfunc=UnEscapeDesc keeptags=no max_char=140 sort=no> 

After this modification, it is expected to be able to see the list of ticket activities under Activity Log again:

Image 03
Additional Information:
It is recommended to use the Web Screen Painter (WSP) tool for modifications of form files; check related articles to publish schema changes using WSP:
How does web screen painter work? What files are modified while previewing, editing and publishing a form?
How to Perform Schema Changes using Web Screen Painter on Advanced Availability Configuration
This behavior was identified only at CA SDM 17.0 and 17.1 releases; it works on (Rollup 01);
It works at previous SDM 14.1 CP4 and 14.1 CP5 releases.