Including external JavaScript or HTML in the translation

To include external JavaScript or HTML files that are referenced with the src attribute, you specify the domains from which OpenText SAST can download files to include in the translation phase. To do this, list one or more domains in the com.fortify.sca.JavaScript.src.domain.whitelist property.

You can also set this property globally in the fortify-sca.properties file.

For example, you might have the following statement in your HTML file:

<script src='http://xyzdomain.com/foo/bar.js' language='text/javascript'></script>

If you are confident that the xyzdomain.com domain is a safe location from which to download files, then you can include it in the translation phase by adding the following property specification on the command line:

-Dcom.fortify.sca.JavaScript.src.domain.whitelist="xyzdomain.com/foo"

You can omit the www. prefix from the domain in the property value. For example, if the src attribute in the original HTML file specifies to download files from www.google.com, you can specify just the google.com domain.

To trust more than one domain, include each domain separated by the vertical bar character (|) as shown in the following example:

-Dcom.fortify.sca.JavaScript.src.domain.whitelist="xyzdomain.com/foo|abcdomain.com|123.456domain.com"
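Before trusting a domain, it helps to see every external script location your HTML references. The following added example (not part of the OpenText documentation) lists them and builds the property value from the entries you approve; the function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

PROPERTY = "com.fortify.sca.JavaScript.src.domain.whitelist"  # name from the page


class _ScriptSrc(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def external_scripts(html):
    """Return sorted (scheme, host, path) for scripts loaded from another host."""
    parser = _ScriptSrc()
    parser.feed(html)
    found = set()
    for src in parser.sources:
        url = urlsplit(src)
        if url.hostname:  # relative paths have no host and are already local
            host = url.hostname
            if host.startswith("www."):  # the page notes www. can be omitted
                host = host[4:]
            found.add((url.scheme or "(page scheme)", host, url.path))
    return sorted(found)


def whitelist_argument(entries):
    """Join reviewed entries with '|' into the -D option shown on the page."""
    return '-D{}="{}"'.format(PROPERTY, "|".join(entries))


# Constructed sample page, not taken from a real application.
SAMPLE = """
<script src='http://xyzdomain.com/foo/bar.js'></script>
<script src="https://www.abcdomain.com/lib.js"></script>
<script src="js/local.js"></script>
"""

if __name__ == "__main__":
    for scheme, host, path in external_scripts(SAMPLE):
        note = "  <- plain HTTP, content can be altered in transit" if scheme == "http" else ""
        print(f"{scheme}://{host}{path}{note}")
    print(whitelist_argument(["xyzdomain.com/foo", "abcdomain.com"]))
```

Pass only the entries you have reviewed to whitelist_argument; the inventory is a review aid, not an approval list.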

If you are using a proxy server, then you need to include the proxy server information on the command line as shown in the following example:

-Dhttp.proxyHost=example.proxy.com -Dhttp.proxyPort=8080

For a complete list of proxy server options, see the Networking Properties Java documentation.