SAP Knowledge Base Article - Public

2354028 - Validation Error - The "eval()" expression is not allowed

Symptom

When assigning a Learning item to a user, when a user attempts to provide an e-signature, or while performing other actions with the item (editing the content within a curriculum, for example), a validation error occurs stating "The 'eval()' expression is not allowed". Other scenarios in the Learning Management System might cause this same validation error.


"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP SuccessFactors Learning

Reproducing the Issue

  1. Create an Item
  2. Set the title of the newly created item to 'Retrieval (Testing)'
  3. Attempt to assign this item to a user
  4. Face the validation error

Cause

By default, the XSS filter rejects data such as "ItemEval (V)" because it contains the JavaScript trigger "eval()", the use of which is generally considered dangerous.

Resolution

No direct steps can be provided due to the unique nature of the data. The best course of action is to modify any related data that contains 'eval()'. This can be the Item Title, Item Type, Item ID, etc. Depending on the data, change the affected field to something else. An example would be to change 'Retrieval (Testing)' to 'Retrievals (Testing)'. This is the recommended option to avoid any possible JavaScript security vulnerability.
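A pre-check over an item export that supports the rename approach above, as an added example that is not SAP's code. The pattern is an assumed approximation inferred from the two sample values in this KBA (the actual filter rule is not published here), and the CSV column names and function names are hypothetical.

```python
import csv
import io
import re

# Assumed approximation of the filter rule, inferred from the KBA's examples:
# "eval", optional whitespace, then "(" (case-insensitive). The real rule
# used by the LMS is not published on this page.
EVAL_PATTERN = re.compile(r"eval\s*\(", re.IGNORECASE)

# Constructed sample export; column names are hypothetical.
SAMPLE_EXPORT = """item_id,item_type,title
COURSE-001,ONLINE,Retrieval (Testing)
COURSE-002,ONLINE,Retrievals (Testing)
ItemEval (V),SURVEY,Course feedback form
COURSE-004,ILT,Evaluation basics
"""


def find_flagged_fields(csv_text):
    """Return (row_number, column, value) for every field matching the pattern."""
    hits = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_number, row in enumerate(reader, start=1):
        for column, value in row.items():
            if value and EVAL_PATTERN.search(value):
                hits.append((row_number, column, value))
    return hits


def rename_clears_filter(new_value):
    """True if a proposed replacement value no longer matches the pattern."""
    return EVAL_PATTERN.search(new_value) is None


if __name__ == "__main__":
    for row_number, column, value in find_flagged_fields(SAMPLE_EXPORT):
        print(f"row {row_number}: {column} = {value!r} would be rejected")
    print("rename ok:", rename_clears_filter("Retrievals (Testing)"))
```

Checking every text field, not only the title, matters because the same error can come from the Item ID or Item Type.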

If the preference is to not change any of the fields that have this "eval()" data, a setting can be changed.

  1. Navigate to Learning Administration > System Administration > Configuration > System Configuration
  2. Open the WEB_SECURITY configuration in the Edit mode
  3. Set secRules.eval.enabled=false
  4. Hit "Apply Changes"

This is not the recommended choice, but it is an option.

Keywords

XSS filter, Validation, error, eval(), javascript, trigger, secRules.eval.enabled, item, title, security, check, checks, sf, lms, successfactors, expression, allowed, KBA, LOD-SF-LMS-ITE, Items, LOD-SF-LMS-ADM, System Admin, Global Variables, References, Problem

Product

SAP SuccessFactors Learning all versions