LogoLogo
  • CHARTS USER GUIDE
    • Introduction
    • Angular Gauge Chart
    • Bar/Column Chart
    • Bubble Chart
    • Bullet Chart
    • Calendar Heatmap Chart
    • Column Range Chart
    • Combination Chart
    • Dumbbell Chart
    • Filter Chart
    • Funnel Chart
    • Grid Chart
    • Table heatmap
    • Histogram Chart
    • KPI Animation Chart
    • KPI Ring Chart
    • Line/Area line Chart
    • Mekko Chart
    • Packed Bubble Chart
    • Pie Chart
    • Polar Charts
    • Sankey Chart
    • Simple KPI Chart
    • Slope Chart
    • Sparkline Chart
    • Stacked Column/Bar
    • Text Node
    • Tornado Chart
    • Trellis Chart
    • Variwide Chart
    • Waffle Chart
    • Waterfall Chart
    • Wordcloud Chart
    • Workstation
    • Allow/Block URLs
    • Animation Duration
    • Attribute Forms
    • Auto Scroll
    • Axes
    • Background Images
    • Backward Compatibility
    • Bar/Column Width
    • Color Picker with Opacity
    • Connect Null Points
    • Custom Markers
    • Custom SVG Markers
    • Data Markers
    • Data label customization
    • Dossiers/Documents differences
    • Drilling
    • Error Bars
    • Export to PDF
      • Export engine local resource set up
    • Formatting metric data
    • Gradient Threshold
    • Legend
    • Negative Sign
    • Pattern Fill
    • Play Animation
    • Plot lines/Reference lines
    • Reset color property
    • Reset font properties
    • Right Click Menu
    • Right-to-left Support
    • Series using Attribute
    • Small Multiples
    • Smooth Line
    • Tooltip Customization
    • Tooltip Links
  • GRID/MICROCHART GUIDE
    • Appearance
    • Auto Size
    • Column Totals
    • Context Menu
    • Creating a micro chart
    • Custom markers
    • Custom Editor
    • Filter Data
    • Format/Clear Format
    • Grand Total
    • Pivoting and Row Grouping
    • Horizontal Bars/Pins
    • Embed Images
    • Manage Scaling Grouping
    • Manage Column Grouping
    • Manage Metric Grouping
    • Pin Column
    • Reorder columns
    • Reset Columns
    • Show/Hide Column
    • Sorting
    • Subtotals
    • Thresholds
    • Tooltip
    • Transparency
    • Trend Lines
    • Value Aggregation
    • Variance
  • MAPS USER GUIDE
    • Creating New Maps
    • Custom Layouts
    • Customization of the Map chart
    • Default Maps
    • Formatting Options
    • Generic Merge tool
    • US map using counties data
    • US Map using ZIP Codes
  • IBCS USER GUIDE
    • IBCS
      • Why IBCS
      • Mapping IBCS Scenarios
      • Negative Metrics
      • Scaling Multiple Charts
    • CERTIFIED CHARTS
      • Multi-tier Bar chart
      • Multi-tier Column chart
      • Small Multiples
      • Vertical Waterfall
  • CUSTOMIZATION GUIDE
    • Introduction
    • Custom CSS
    • Custom CSS Samples
    • Custom Color Palette
    • Custom Fonts
    • Condensed Metric Format
    • Disable Edit button
    • Grid Custom CSS
    • Localization
  • FAQ
    • Contact Us
    • FAQS
  • INSTALL DOCS
    • Installing on MicroStrategy Web
    • Installing on MicroStrategy Desktop/Workstation
    • Installing on MicroStrategy Library
    • Installing on MicroStrategy Mobile
    • Release Notes
    • Release Notes Maps
Powered by GitBook
On this page
  • Allow/Block URLs in the Vitara Charts
  • 1. An option in the ‘global.txt’ file:
  • 2. Security Tab:
  • Handling Relative URLs for XSS Protection
  • Allowed Relative URL Formats
  • Summary of URL Filtering Logic
  • Safe Attribute Function Implementation
  • Important Notes

Was this helpful?

  1. CHARTS USER GUIDE

Allow/Block URLs

PreviousWorkstationNextAnimation Duration

Last updated 7 months ago

Was this helpful?

Allow/Block URLs in the Vitara Charts

To address the requirement of having URLs in the VitaraCharts, we have made some enhancements in the 5.1.3 release.

1. An option in the ‘global.txt’ file:

A property is included in the global.txt file. By using this property you can enable/disable the URLs in all the dossiers/documents where VitaraCharts are used. Below is the screenshot of this property from the global.txt file.

For the MSTR web application, the global.txt file can be located at the below path *webapps\MicroStrategy\plugins\VitaraCharts\custom*

For the MSTR Library application, the global.txt file can be located at the below path *webapps\MicroStrategyLibrary\plugins\VitaraCharts\custom*

Note: You have to configure the respective global.txt file for web and library applications.

security.allowURLLinks = 0 or 1. Setting 0 (zero) will not allow URLs used within the anchor tag ‘href’ property. With this setting enabled only anchor tag titles are allowed. While setting to value 1 (one) will enable URLs used within the anchor tag ‘href’ property. By default the value of the property security.allowURLLinks = 0. This means URLs in the VitaraCharts will not work.

2. Security Tab:

The properties window of all the VitaraCharts will now have the option to control the URLs within that particular chart. This means the global.txt file can be used to control the URLs globally in all VitaraCharts used in any of the dossiers or documents. Whereas, the Security tab property in the property editor of a specific chart is used to control the URLs in that particular chart in the particular dossier/document. Below is the screenshot of this option.

By default, the ‘Allow URL Links’ is set to the value Default. This means the functioning of the URLs is governed by the property set in the global.txt file. If global.txt is = 0, then URLs will not work. Enable/Disable: Set the ‘Allow URL Links’ option to either Enable/Disable to allow URLs or block URLs in that particular chart.

Handling Relative URLs for XSS Protection

Allowed Relative URL Formats

When specifying relative URLs in the href or src attributes, they must start with a forward slash (/). This requirement ensures proper XSS (Cross-Site Scripting) encoding and enhances the security of your application.

Summary of URL Filtering Logic

To enforce the rule for relative URLs:

  1. Ensure the URL value starts with /.

  2. Trim any leading and trailing whitespace from the URL value.

  3. If the URL does not meet the criteria, replace it with an empty string to prevent XSS attacks.

Safe Attribute Function Implementation

The following function filters href and src attribute values to ensure they comply with allowed formats and prevent XSS attacks: "http://","https://","mailto:","tel:","data:image/","ftp://","./","../","#","/"

Important Notes

  • Starting Character: Ensure that all relative URLs start with a forward slash (/). This is essential for correct XSS encoding.

  • Trimming Whitespace: Trim leading and trailing whitespace from the URL value before validation.

  • Default Behavior: If a relative URL does not start with a forward slash, it is replaced with an empty string to prevent potential XSS attacks.

By adhering to these guidelines and implementing the provided function, you can mitigate the risk of XSS attacks through careful validation and filtering of relative URLs.

Note: If you do not configure the functioning of URLs using any of the above methods, VitaraCharts will block all the URLs.