|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle|
RSA Version/Condition: 7.0.2+
|Issue||After upgrading RSA Identity Governance & Lifecycle to 7.0.2 or higher from a version prior to 7.0.2, accessing user Dashboards result in the following errors:|
The request could not be handled
Unable to create page for page ID
"<name of page being accessed>"
Unsafe characters detected in URL parameters. Possible
|Cause||This issue occurs when using a bookmark of a Dashboard that was saved prior to 7.0.2. Starting in 7.0.2 security was increased for Cross-Site Scripting (XSS). The format of the URL saved in the bookmark is now flagged as a possible XSS attack. The format that causes this behavior are '+' signs in the URL.|
For example, the following bookmarked URL in 6.9.1 brings the user successfully to their dashboard page:
Starting in 7.0.2 and higher, the same URL would fail and flag a potential XSS attack. To resolve this problem, URLs in version 7.0.2 or higher are stripped of any '+' signs as in the example below:
Because an RSA Identity Governance & Lifecycle patch does not modify user bookmarks, the older version of the URL is accessed when using the bookmark and the potential XSS risk is flagged.
|Resolution||For each Dashboard that has this issue, delete the old bookmark that accesses that Dashboard and create a new bookmark:|