warnar
Posted September 14, 2008

Hello all,

Within the company I work for, we have a server for internal usage only. For security reasons, it has no internet access. Unfortunately, we're dealing with a small problem / design error.

Our internal server has an overview system wherein we show charts and graphs. At the moment, we use JPgraph in this application, but due to the work involved we are looking for a new/better solution. One of our developers recommended FusionCharts, so I downloaded the evaluation version and started working.

I set up FusionCharts on the internal server and created an XML output on one of our external servers, then set the setDataUrl to the external server (of course I configured the crossdomain.xml to allow the external server) and received the response "invalid data", so I turned on the debug mode and got the following error:

dataURL reset: A colon character was found in dataURL, which can be potentially dangerous as it allows XSS attacks. Re-setting dataURL to Data.xml. If you're using absolute URLs (like http://domain.com/...) to provide dataURL, please convert it to relative path for increased security.

So after looking on this forum I found out that the normal solution would be creating a proxy, which in my case is not an option due to the server not having an internet connection.

My question is: is there any option that I can set that will disable this "feature"? Or should I just go and look for a different solution that will not involve FusionCharts?

Greetings to all

Pallav
Posted September 16, 2008

Hi,

Starting with FusionCharts v3.0.6, we've blocked absolute URLs owing to XSS attacks. And there is no way to turn it off.

The only way to overcome this would be to use a previous version of FusionCharts.

warnar
Posted September 17, 2008 (edited)

Hi,

Okay, that is clear. Will there be an option in future versions to disable this "feature"?

Also, the second question is: how can I get an evaluation version of the 3.0.5 version?

Thanks for your previous reply

Edited September 17, 2008 by Guest

Pallav
Posted September 24, 2008

Hi,

I'm afraid there wouldn't be an option to disable this, as that'll open the charts to XSS attacks. However, we would be able to provide a separate version without this feature.

To get v3.0.5, can you please drop us an email at support [at] fusioncharts.com?
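
The restriction discussed in this thread, sketched as an added example (not FusionCharts code and not part of the original posts): a dataURL check that applies the colon test from the debug message and then goes one step further by resolving the value against the page URL, which also catches protocol-relative references that contain no colon. The function names, the intranet.example and external.example hosts, and the sample values are hypothetical.

```javascript
// Added example. Function names and the *.example hosts are hypothetical.
const FALLBACK_DATA_URL = "Data.xml"; // fallback named in the debug message

// True only when `value` is a relative reference that stays on the page's origin.
function isSameOriginDataUrl(value, pageUrl) {
  if (typeof value !== "string" || value.trim() === "") return false;
  // The colon test from the debug message: rejects "http:", "javascript:" and
  // any other scheme. An encoded colon (%3A) is refused too, in case a later
  // layer decodes the value before using it.
  if (value.includes(":") || /%3a/i.test(value)) return false;
  // A colon test alone misses protocol-relative references such as "//host/x",
  // so resolve the value the way a browser would and compare origins.
  let resolved;
  try {
    resolved = new URL(value, pageUrl);
  } catch {
    return false;
  }
  return resolved.origin === new URL(pageUrl).origin;
}

// Mirrors the behaviour in the debug message: an unsafe value is replaced.
function chooseDataUrl(value, pageUrl) {
  return isSameOriginDataUrl(value, pageUrl) ? value : FALLBACK_DATA_URL;
}

// Constructed sample inputs (not taken from the thread).
const PAGE = "http://intranet.example/charts/index.html";
const SAMPLES = [
  "Data/sales.xml",                   // relative path: accepted
  "/reports/q3.xml?year=2008",        // root-relative: accepted
  "http://external.example/data.xml", // absolute URL: colon, rejected
  "//external.example/data.xml",      // protocol-relative: no colon, other origin
  "/\\external.example/data.xml",     // backslash variant of the same
  "data%3Atext/xml,x",                // encoded colon: rejected
];

function runSamples() {
  return SAMPLES.map((s) => [s, chooseDataUrl(s, PAGE)]);
}

for (const [input, used] of runSamples()) {
  console.log(JSON.stringify(input), "->", used);
}
```

Run with Node.js; each sample prints the dataURL that would actually be used.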