SAP Knowledge Base Article - Public

2792663 - Security Scan Error displaying when trying to make changes in RCM screens - Recruiting Management

Symptom

An error message related to Security Scan appears when:

  • Creating Offer Letter
  • Trying to make a change through Manage Templates to a template
  • Trying to edit the Job Profile tab and save
  • Configuring Recruiting Custom Help Text

Error message: This content was rejected by the Security Scan of User Inputs feature because it might contain malicious content. Please review your content for security risks, such as scripting, and try again.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors Recruiting Management

Reproducing the Issue

When making a change to a template:

  1. Go to Manage Templates → Recruiting Management
  2. Select the template you wish to make changes to.
  3. Make the appropriate changes
  4. Click on Publish
  5. Get an error message

When creating an Offer Letter:

  1. Go to Recruiting → Job Requisitions
  2. Select the job requisition, then go to the Candidates tab of the job requisition → Take Action → Offer Letter
  3. Compose Offer Letter → Next

When editing a Job Requisition's Job Profile tab:

  1. Go to Recruiting
  2. Open the job requisition
  3. Go to Job Profile tab
  4. Edit the job description fields
  5. Click on Save
  6. Get the error

When configuring Recruiting Custom Help Text:

  1. Go to 'Manage Recruiting Custom Help Text'
  2. Edit the text in the Rich Text editor
  3. Click on Save
  4. Get the error

Error Message:

secuirty.jpg

Cause

Security Scan of User Inputs Functionality is currently enabled on the instance. Refer to Enabling Security Scan of User Inputs for details.

  • Admin Center > Application Security Feature Settings > Security Scan of User Inputs

If Security Scan of User Inputs is enabled, be aware that certain HTML user inputs that previously could be entered may now be considered invalid or harmful and cannot be saved.

This applies to both source HTML codes and the text entered in Rich Text fields.

Resolution

SAP have recommended to keep "Security Scan of User Inputs" enabled as per the SAP SuccessFactors Security Recommendations. However, this issue will be addressed as a long-term fix.

Should you have an urgent need to update a template in your system, you can create a new ticket to Product Support team as per XML Template Upload due to Manage Templates limitation section in KBA 2258199 - SAP SuccessFactors Recruiting - Provisioning Configuration Changes.

Please note for Offer Letter Templates there is no option to upload on customer's behalf via provisioning. Please remove any script tags that are causing the security scan to trigger.

See Also

What's New Viewer 2H 2023 - Security Scan for User Input Enabled by Default in New Systems

Implementing Security Features for SAP SuccessFactors - Enabling Security Scan of User Inputs

Keywords

RCM-124881, WEF-134663, Create, User, Input, contains, tags, attributes, not, defined, prefer, template, requisition, application, Help Text, Application Security Feature Settings, 81c02a4686df215fab7ee6fa5d2e0ade5353fb0e , KBA , LOD-SF-RCM , Recruiting Management , LOD-SF-RCM-ADM , Admin Center, RBP, Permissions and Settings , Problem

Product

SAP SuccessFactors Recruiting all versions