javascript code execution problem at velocity response writer in SOLR

Question

I have noticed that velocity response writer templates do not run JavaScript codes in SOLR anymore.

Although all html and css codes are rendered, the javascript code below is not executed and display "Result" at browser,

<p id="demo">Result</p>
<script>
document.getElementById("demo").innerHTML = 5 + 6;
</script>

However if you display the same page, rendered by velocity responser writer in Solr, through a php file, the javascript code is executed as expected and "11" is displayed at browser.

Is it due to security vulnerability I have heard couple of years ago? Is there a work around so that I can use velocity templates in Solr that executes JavaScript codes? Or is it only me having this problem.

Thanks for the replies in advance.

Check the browser console for any errors (if there are Javascript errors earlier in the document, the code will not run) and verify that the code is included verbatim in the resulting page (and not escaped in any way) — MatsLindh, May 13 '20 at 08:58

score 0 · Answer 1 · answered May 15 '20 at 07:03

Thanks to MatsLindh's guidance, found the solution.

The cause of the problem is SOLR-13982 issue. The new Content-Security-Policy directives added to response headers thru jetty.xml file, restricts java script codes to be executed at html files generated by velocity response writer.

Content-Security-Policy directives should be edited or deleted (with evaluating security concerns) in order to prevent restriction.

javascript code execution problem at velocity response writer in SOLR

1 Answers1