Something that has always bugged me with our favourite CMS / WebSite Management Server is that when publishing HTML content a comment/header/
advert is embedded next to the html head tag in all web pages that includes the page id, CMS product name and version number. This comment/header is a good source of information to start profiling your organisation for security flaws and ways to get in and cause some havoc! Okay I’m being a little melodramatic as a lot of the time RedDot CMS OTWSMS is sitting behind a corporate firewall and a little security through obscurity isn’t going to make a huge difference if someone is looking to cause you ill intent. Come to think of it you’re more likely to be contacted by an OpenText partner providing good reasons to upgrade from your old version of the CMS!
Whether it’s security, keeping the account executives away or simply looking to produce cleaner code, with the many configuration options within
RedDot CMS OTWSMS you’d assume there would be an option to disable the header/comment, right? Well there isn’t one! Though there is a way to trick reddot Open Text Web Solutions Management Server in to not inserting it. An example of the comment/header in question is as follows:
<head><!-- PageID 2 - published by RedDot 7.5 - 184.108.40.206 - 13708 -->
<head><!-- PageID 1 - published by Open Text Web Solutions 9 - 220.127.116.11 - 17320 -->
I always found it strange that non-html content never had the header inserted. So with a little investigation I came to the conclusion that the <head> tag was the culprit. If you remove the <head> tag the OT comment/header is never inserted but of course you can’t create a valid html page without an opening header. The solution is to make
RedDot CMS OTWSMS think that it isn’t producing a valid tag but really is. It might sound a little confusing but hopefully the following workaround code makes sense….
As per the code above we’re hijacking the not in smartedit/smartedit only functionality and the rendering order of the CMS to make it believe there is no head tag.
Keep in mind the above workaround is as unofficial as this blog. Please check with OpenText before making these changes in case your support gets cancelled, the sky falls in or other major issues occur.
EDIT: thanks to a tip off from Jian’s post below i’ve updated the comment/header workaround to no longer use pre-executing script to achieve the same result … which will drop the comment but speed up publication times. Thanks Jian!
EDIT2: Ashley pointed out in the comments below, that this also prevents RedDot from publishing the inline style sheets that is created for the text editor (these styles are already applied via the main site’s css file).
No related posts.