The set up:
TeamSite 7.3.2 running on Linux.
Custom JSPs are being used to render forms which write back to DCRs. Part of this includes a bit of custom JavaScript used to launch the built in TeamSite browser to two different branches.
The problem:
We've been asked to move the JSPs from their current position in iw-cc.war to an external CSSDK server, running on a different hostname. While this is all fine and good for the Java, the JS craps itself because of XSS (as it should).
The only solution we can think of (aside from having the users manually type in all paths, which isn't going to happen..) is to replace the OOTB browser with custom java, something I would really prefer to avoid. Are we missing any obvious solutions?
