SAP Knowledge Base Article - Public

2354028 - Validation Error - The "eval()" expression is not allowed


When assigning a Learning item to a user, or a user is attempting to provide an e-signature, or while perfoming other actions with the item (as editing the content within a curriculum, for example), a validation error happens saying "The 'eval()' expression is not allowed". There are other scenarios in the Learning Management System that might cause this same validation error.

eval error.png

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."


SAP SuccessFactors Learning

Reproducing the Issue

  1. Create an Item >
  2. Set the title of the newly created item 'Retrieval (Testing)' >
  3. Attempt to assign this item to a user >
  4. Face the validation error


By default, the XSS filter prevents data such as "ItemEval (V)" because it contains the javascript trigger "eval()". The use of which is considered dangerous in general.


There is no direct steps that can be provided due to the unique nature of the data. The best course of action is to modify any related data that has 'eval()'. This can be Item Title, Item Type, Item ID, etc. Depending on this data, please change accordingly the field to something else. An example would be to change 'Retrieval (Testing)' to 'Retrievals (Testing)'. This is the recommended option to avoid any possible javascript security vulnerability.

If the preference is to not change any of the fields that have this "eval()" data, a setting can be changed.

  1. Navigate to Learning Administration > System Administration > Configuration > System Configuration >
  2. Open the  WEB_SECURITY configuration in the Edit mode >
  3. Set secRules.eval.enabled=false >
  4. Hit "Apply Changes"

This is not the recommended choice, but it is an option.


XSS filter, Validation, error, eval(), javascript, trigger, secRules.eval.enabled, item, title, security, check, checks, sf, lms, successfactors, expression, allowed , KBA , LOD-SF-LMS-ITE , Items , LOD-SF-LMS-ADM , System Admin, Global Variables, References , Problem


SAP SuccessFactors Learning all versions