Pages

Wednesday, July 31, 2013

Dynamics CRM - Cross-Site Scripting Filter

In CRM, if your customization fetch xml contain extra attribute name which is does not belong in the Saved View, then IE will throw
"Internet Explorer has modified this page to help prevent cross-site scripting. Click here for more information... "



Example
Saved View contains - firstname, lastname
Cusomization fetch XML contain middlename
var fetchBaseXML = '<fetch version="1.0" output-format="xml-platform" mapping="logical" distinct="false">';
            fetchBaseXML += '    <entity name="contact">';
            fetchBaseXML += '        <attribute name="middlename" />';
            fetchBaseXML += '        <attribute name="lastname" />';
            fetchBaseXML += '        <attribute name="firstname" />';
           
Solution 1
Remove the attribute name from the customization fetch OR Add the attribute name in the Saved View.

Solution 2
Click Tools > Internet options > Security and click the Custom Level... button.
Scroll down the list and click the Disable radio button for the Enable XSS-filter option.
Restart the browser.
Click the Submit button again in the Report Administration screen in Maximo, and the SmartCloud Cost Management reports are now displayed.