Expand my Community achievements bar.

SOLVED

Miscadmin and Useradmin

Avatar

Level 6

Hello,

I am trying to access miscadmin and useradmin in mylocal and dev instance. But I dont see it opening or loading. Its showsup empty.

I see following error in my error.log

06.06.2019 11:46:19.443 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The href attribute had a value of "/libs/wcm/core/content/misc.ico". This value could not be accepted for security reasons. We have chosen to remove the entire link tag in order to continue processing the input.

06.06.2019 11:46:19.443 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The type attribute had a value of "image/vnd.microsoft.icon". This value could not be accepted for security reasons. We have chosen to remove the entire link tag in order to continue processing the input.

06.06.2019 11:46:19.444 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The rel attribute had a value of "icon". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.

06.06.2019 11:46:19.444 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The href attribute had a value of "/libs/wcm/core/content/misc.ico". This value could not be accepted for security reasons. We have chosen to remove the entire link tag in order to continue processing the input.

06.06.2019 11:46:19.444 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The type attribute had a value of "image/vnd.microsoft.icon". This value could not be accepted for security reasons. We have chosen to remove the entire link tag in order to continue processing the input.

06.06.2019 11:46:19.522 *WARN* [0:0:0:0:0:0:0:1 [1559839579522] GET /libs/cq/security/userinfo.json HTTP/1.1] com.adobe.granite.xss.impl.XSSFilterImpl Cannot use custom policies.

Any input is appreciated

1 Accepted Solution

Avatar

Correct answer by
Level 6

There was error in custom code. When registering servlet. It was not registered in correct way. Fixing this I am able to acess all OOTB in classic UI.

@JadeeBrar I dint notice this issue in Touch UI. Its happened only in Classic UI

View solution in original post

3 Replies

Avatar

Employee Advisor

Can you confirm if you can access the pages directly skipping the dispatcher/Apache or ELB? If the issue exists directly on instance as well, make sure renderer of JSON is enabled[1].

[1]

  • Go to http ://<host>:<port>/system/console/configMgr/org.apache.sling.servlets.get.DefaultGetServlet
  • Check the "Enable JSON" and save the config.

Avatar

Employee Advisor

In addition to what Akash mentioned, looks like XSS security framework is blocking the URL due to invalid characters in either the URL or in the content.

Check of can access Useradmin in touch UI, Tools-> Security -> Users

Avatar

Correct answer by
Level 6

There was error in custom code. When registering servlet. It was not registered in correct way. Fixing this I am able to acess all OOTB in classic UI.

@JadeeBrar I dint notice this issue in Touch UI. Its happened only in Classic UI