0

I get the following error when trying to save a quote in Netsuite:

The XSS Auditor refused to execute a script in 'https://system.na1.netsuite.com/app/accounting/transactions/estimate.nl' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.

I am using the following code on saveRecord.

    function saveRecord() {
  if(checkGroupApproval() || itemApproval.length > 0) {
    cr.setValue({
      fieldId: 'custcol23',
      value: 1
    })
  } else {
    cr.setValue({
      fieldId: 'custcol24',
      value: 2
    })
  }

  return true;
}

Same script works fine in our sandbox environment has anyone come accross this issue??

Ryan
  • 81
  • 1
  • 2
  • 7
  • http://stackoverflow.com/questions/1547884/refused-to-execute-a-javascript-script-source-code-of-script-found-within-reque perhaps – Jaromanda X Oct 20 '16 at 21:59
  • That is not likely the code that is causing the issue. The sample you supplied is a client side script. I do notice however that you are using both custcol23 and custcol24. Do you mean to set different fields? If the error is being thrown when that script runs then can you provide the source for `checkGroupApproval`? If that is calling a Suitelet then the XSS could be thrown because of an error in the Suitelet or because you have moved from Sandbox to Production without changing the Suitelet URL – bknights Oct 21 '16 at 16:16

0 Answers0