Basic Troubleshooting - Cross-Site Scripting Errors

PowerSchool released on January 19, 2018, and it included a new security feature. The feature checks data submitted through a form to fields in the database to see if any HTML is being saved, and if so, it checks that HTML against a whitelist. More details and the actual whitelist can be found in KB Article 79956 on PowerSource. If the HTML isn't permitted, the following error message appears:


There are two places where you may run into the error with sqlReports. A couple of blog posts on the site deal with the two instances, but since blog posts move off the front page as new ones are added, this article provides a place to point people to in the future. It also appears in the articles area, so people can find the information if they miss the blog posts.

Below are descriptions of the two places where you may encounter the error if you're on PS 11.0.4.x or a later version, with links to the blog posts that cover things in more detail:

Importing New Reports - link to blog post - If you're not on the latest version of sqlReports, you'll get the cross-site scripting error when you try to import a report. The blog post also covers how to manually apply a change to the sqlReports import file to keep the error from appearing, in case you do not want to upgrade sqlReports. The import functions of sqlFormLetters and Custom Links were also affected, and new releases of both were added to the site.

HTML in a SQL query in a sqlReport - link to blog post - If you have any reports where you use HTML in the report's SQL query to create links to other pages in PS, display images in the report, or change the background color of cells or text, you'll get the error if you try to import, edit, or run a report unless you follow the workaround mentioned in the blog post. The Using HTML Coding in sqlReports article was also updated to reflect the workaround.
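To show why a report query that embeds HTML trips this kind of check, here is a simplified allowlist check on a submitted field value. It is an added example, not PowerSchool's or sqlReports' code: `ALLOWED`, `check_field`, the sample query and its URL are constructed for illustration, and the real whitelist is the one in KB Article 79956.

```python
from html.parser import HTMLParser

# Constructed placeholder allowlist: tag -> attribute names permitted on it.
# This is NOT the PowerSchool whitelist (see KB Article 79956 for that).
ALLOWED = {
    "b": set(),
    "i": set(),
    "br": set(),
    "p": {"class"},
}


class _TagCollector(HTMLParser):
    """Records every start tag, with its attribute names, found in a value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        self.found.append((tag, [name for name, _ in attrs]))


def check_field(value):
    """Return a list of violations; an empty list means the value may be saved."""
    collector = _TagCollector()
    collector.feed(value)
    collector.close()
    violations = []
    for tag, attr_names in collector.found:
        if tag not in ALLOWED:
            violations.append(f"tag <{tag}> not allowed")
            continue
        for name in attr_names:
            if name not in ALLOWED[tag]:
                violations.append(f"attribute {name} on <{tag}> not allowed")
    return violations


# Constructed sample: a report query that builds a link inside the SQL text.
LINK_QUERY = (
    "SELECT '<a href=\"/example/page.html?id=' || dcid || '\">' "
    "|| lastfirst || '</a>' FROM students"
)

if __name__ == "__main__":
    print(check_field("SELECT lastfirst FROM students"))  # plain SQL passes
    print(check_field(LINK_QUERY))                        # embedded link is flagged
```

The check sees only the text of the field, so a query that merely builds HTML for display is flagged the same way as markup typed directly into a form.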

