HighQ has a list of supports to enable or to stop your users from adding scripts to the site. The HighQ support team has an option to switch off all access to all users, to completely stop any user from adding scripts to the site, please contact them for more information on this.
This option enables system administrators to give specific users the permission to add custom Javascript to a site, rather than give full access to all users.
Please note that for these permissions to take effect, you need to contact HighQ support and have the restriction turned on for the entire instance to prevent any user from adding customer Javascript. Once enabled, you can then specify which users you want to bypass this protection.
Also note that users without permission to bypass XSS protection cannot edit any part of a page with Javascript, even if the Javascript is in a different panel, as they cannot save a page that contains a script.
Allowing a user to bypass XSS protection
To enable a user to bypass the XSS protection, navigate to your profile drop-down menu and select
System admin
:
The
System admin
screen opens. Select
User admin
in the left-hand panel:
In the
User administration
page, search for the user you want to give this permission to, select the check box next to their name and select
Roles
:
In the
Roles
screen, select the
Allow user to bypass XSS protection
checkbox and select
Save
. The selected user now has permission to add custom Javascript to a site.
If a page contains Javascript then a user must have permission to
bypass XSS protection
in
Roles
to edit and save the page.
Searching for users who have permission to bypass XSS protection
We have also introduced a search field to enable you to search for and list all users who have permission to bypass the XSS protection.
After navigating to the
User administration
screen, as shown above, you will see a new search check box called
Users granted bypass of XSS protection
.
Select this check box and select
Search
, a list of all users within the instance that have this new permission opens.
Use this screen to search for and manage this permission for your users.