View PDF
Standard remediation actions
Aug 14, 2017
Standard actions
The following table provides a list of the standard remediation actions that are built into AppDNA. Each action has one or more associated action details. You can change the action and action detail that is associated with an algorithm and you can also add your own custom actions and action details, as described in Add a remediation action.
| Action | Effort | Action RAG | Description |
|---|---|---|---|
| Additional testing required | Hard | Amber | Additional testing is required |
| Additional XenApp testing required | Medium | Green | Additional XenApp testing required |
| Application virtualization | Easy | Green | Deploy using an application virtualization technology. |
| App-V 4.6 | Easy | Green | Use App-V 4.6 |
| App-V 5.0 | Easy | Green | Use App-V 5.0 |
| App-V Management Console modifications | Easy | Green | Modifications are required in the App-v Management Console |
| Auto | Easy | Green | Use an automatic fix |
| Change GPO | Easy | Green | Change Group Policy |
| Change hardware | Hard | Red | Change hardware |
| Change OS | Medium | Green | Change operating system build |
| Change software | Medium | Amber | Change software |
| Desktop virtualization | Easy | Green | Deploy using a desktop virtualization technology |
| Edit OSD file | Easy | Green | The OSD file requires editing |
| Exception | Hard | Red | Remediation is not possible (the application may need to be redeveloped or decommissioned) |
| Firefox in-house redevelopment required | Medium | Green | The Web application needs to be redeveloped to solve this issue |
| Firefox redevelopment required | Hard | Red | The Web application needs to be redeveloped to solve this issue |
| Firefox remediations | Easy | Green | Firefox remediations are required to get Web pages to work as expected |
| IE infrastructure changes | Medium | Amber | Environment infrastructure changes are required |
| IE in-house redevelopment required | Medium | Green | The web application needs to be redeveloped to solve this issue |
| IE redevelopment required | Hard | Red | The application needs to be redeveloped |
| IE remediations | Easy | Green | Remediation to get web pages to work as expected |
| No remediation required | Easy | Green | No remediation is required |
| Redevelopment required | Hard | Red | The application must be redeveloped to remediate the issue |
| Repackage | Easy | Green | The application must be repackaged or the MSI edited to remediate the issue |
| Sequence | Easy | Green | Sequencing steps need to be followed |
| Sequence | Hard | Green | Sequencing steps need to be followed |
| Sequence advanced | Medium | Green | Advanced sequencing steps need to be followed |
| Shim | Medium | Green | A shim will be applied to the application to remediate the issue |
| Undefined | Not defined | Undefined | No action is defined for remediation |
| Virtualization exception | Hard | Red | Remediation may not be possible |
| Secure Web in-house redevelopment required | Medium | Green | The web application needs to be redeveloped to solve this issue |
| Secure Web redevelopment required | Medium | Green | The web application needs to be redeveloped to solve this issue |
| Secure Web remediations | Easy | Green | Secure Web remediations are required to get web pages to work as expected |
| XenApp | Easy | Green | XenApp steps need to be followed |
Standard action details
This section lists the action details that are available for each of the standard actions.
Additional testing required
| Action detail | Description |
|---|---|
| Application requires functionality testing | Application requires functionality testing |
| Assess application security risk | Assess application security risk |
| Driver compatibility test required | Driver compatibility test required |
| Driver component requires further testing | Driver component requires further testing |
| Verify application publisher is trustworthy | Verify application publisher is trustworthy |
Additional XenApp testing required
| Action detail | Description |
|---|---|
| Additional testing may be required | Additional testing may be required |
Application virtualization
| Action detail | Description |
|---|---|
| Deploy application using an application virtualization technology, such as App-V | Deploy application using an application virtualization technology, such as App-V |
App-V 4.6
| Action detail | Description |
|---|---|
| Use App-V 4.6 | Use App-V 4.6 |
App-V 5.0
| Action detail | Description |
|---|---|
| Microsoft prescriptive guidance for sequencing Office 2010 | Follow the Microsoft prescriptive guidance for sequencing Office 2010 applications |
| Use App-V 5.0 | Use App-V 5.0 |
App-v Management Console modifications
| Action detail | Description |
|---|---|
| Create global FTAs | Create global FTAs |
| Select one application to be FTA provider, change the other application’s verb | Select one application to be FTA provider, change the other application’s verb |
Auto
| Action detail | Description |
|---|---|
| Use the automatic fix provided by AppDNA | The application needs the automatic fix provided by AppDNA |
Change GPO
| Action detail | Description |
|---|---|
| Change the corresponding group policy | Change the corresponding group policy |
Change hardware
| Action detail | Description |
|---|---|
| Replace underlying hardware | Replace underlying hardware |
Change OS
| Action detail | Description |
|---|---|
| Add certificate trusted list | Add certificate trusted list |
| Add non-supported component to OS | Add non-supported component to OS |
| Add redistributable to OS | OS build should include this dependency, a redistributable may be available |
| Change registry keys on the build | Change registry keys on the build |
| Deploy core applications to OS | Deploy core applications to OS |
| Deploy applications unsuitable for virtualization to OS | Deploy applications unsuitable for virtualization to OS |
| Disable Dep NX protection on the OS | Disable Dep NX protection on the OS |
| Edit GPO to allow anonymous RPC and allow port 135 on the firewall | Edit GPO to allow anonymous RPC and allow port 135 on the firewall |
| Edit registry to repair GINA chaining on Windows Server 2003 | Edit registry to repair GINA chaining on Window Server 2003, select a different action for Server 2008 and above |
| Enable only IP v4 | Enable only IP v4 on the build for the installed network adapters |
| Enable the 16-bit subsystem | Enable the 16-bit subsystem |
| Open the port to allow communication | Open the port to allow communication |
| Relax permission on the local intranet zone | Relax permission on the local intranet zone |
| Run application on 64-bit OS | Run application on 64-bit OS |
| Run Interactive Service Detection Service | The Interactive Server Detection Service will need to be enabled on the OS build |
Change software
| Action detail | Description |
|---|---|
| Replace or update vendor software | Replace or update vendor software |
Desktop virtualization
| Action detail | Description |
|---|---|
| Deploy application using a desktop virtualization technology, such as Med-V | Deploy application using a desktop virtualization technology, such as Med-V |
Edit OSD file
| Action detail | Description |
|---|---|
| Edit FTA section | Edit FTA section |
| Enable LOCAL_INTERACTION_ALLOWED policy | Enable LOCAL_INTERACTION_ALLOWED policy |
| Split the application into pieces and use DSC to create inter-package dependencies | Split the application into pieces and use DSC to create inter-package dependencies |
| Use DSC to create inter-package dependencies | Use DSC to create inter-package dependencies |
Exception
| Action detail | Description |
|---|---|
| Remediation not possible | There is no remediation available for this application |
Firefox in-house redevelopment required
| Action detail | Description |
|---|---|
| Explicitly opt-in to HTML parsing for XSLT if your output depends on HTML parsing rules: <xsl:output method=”html”> | Explicitly opt-in to HTML parsing for XSLT if your output depends on HTML parsing rules: <xsl:output method=”html”> |
| Migrate to the standardized XSL namespace: <xsl:stylesheet xmlns:xsl=”http: //www.w3.org/1999 /XSL/Transform”> | Migrate to the standardized XSL namespace: <xsl:stylesheet xmlns:xsl=”http: //www.w3.org/1999 /XSL/Transform”> |
| Redevelop the page to adjust changes to the table object model in Firefox | Redevelop the page to adjust changes to the table object model in Firefox |
| Redevelop the page to trim white spaces where it is needed | Redevelop the page to trim white spaces where it is needed |
| Redevelop the site so that it does not use legacy properties | Redevelop the site so that it does not use legacy properties |
| Redevelop the site so that the eval method is called directly | Redevelop the site so that the eval method is called directly |
| Redevelop the site without using the cached pointers to call methods | Redevelop the site without using the cached pointers to call methods |
| Use the standardized xml-stylesheet processing instruction for loading XSLT: <?xml-stylesheet type=”text/xsl” href=”my.xslt”?> | Use the standardized xml-stylesheet processing instruction for loading XSLT: <?xml-stylesheet type=”text/xsl” href=”my.xslt”?> |
Firefox redevelopment required
| Action detail | Description |
|---|---|
| BASE elements need to be moved inside the HEAD of the document | BASE elements need to be moved inside the HEAD of the document |
| Create the element and add the attributes individually by using the setAttribute API or create the element inside a parent | Create the element and add the attributes individually by using the setAttribute API or create the element inside a parent element by using the innerHTML API |
| If your page contains these filters, please remove or replace them | If your page contains these filters, please remove or replace them |
| Move the nested OBJECT so that it is the outermost OBJECT | Move the nested OBJECT so that it is the outermost OBJECT |
| Redevelop page to use supported DHTML behaviors | Redevelop page to use supported DHTML behaviors |
| Redevelop the page so that it does not use Document APIs via document fragments | Redevelop the page so that it does not use Document APIs via document fragments |
| Redevelop the page so that it uses full tag names while calling getElementsByTagName | Redevelop the page so that it uses full tag names while calling getElementsByTagName |
| Redevelop the page to avoid using return statement in Javascript protocols | Redevelop the page to avoid using return statement in Javascript protocols |
| Redevelop the site so that it does not use conditional comments | Redevelop the site so that it does not use conditional comments |
| Redevelop the site so that it does not use namespaces | Redevelop the site so that it does not use namespaces |
| Redevelop the site so that it does not use XML data islands | Redevelop the site so that it does not use XML data islands |
| Redevelop the site using a fixed height for IFrames | Redevelop the site using a fixed height for IFrames |
| Redevelop the site without the arguments. caller property | Redevelop the site without the arguments. caller property |
| Remove references to external domains | Remove references to external domains using the src attribute for script tags |
| Remove URL paths to gopher and telnet resources | Remove URL paths to gopher and telnet resources |
| Remove XMB images and use alternative image format | The application needs to be redeveloped to remove XMB images and use an alternative image format such as .png |
| Replace API call with compliant | Discontinued or unsupported API calls should be replaced with new or supported one |
| Replace CDF with the new RSS feed | The application needs to be redeveloped to replace CDF with the new RSS feed |
| Replace functionality of ActiveX components which are unsupported by Firefox | Replace functionality of ActiveX components which are unsupported by Firefox |
| Replace window on document where it is needed | Replace window on document where it is needed |
| Rework the page to add the element to document.documentElement instead | Rework the page to add the element to document.documentElement instead |
| The application needs to be redeveloped so that files are created on the web server and a clickable link is provided to users to | The application needs to be redeveloped so that files are created on the web server and a clickable link is provided to users to download the file |
| The application needs to be redeveloped to use the compliant naming standards | The application needs to be redeveloped to use the compliant naming standards |
| The application needs to be redeveloped to use the correct extension for style sheets | The application needs to be redeveloped to use the correct extension for style sheets |
Firefox remediations
| Action detail | Description |
|---|---|
| Disable Show Mixed Content in Firefox | Disable Show Mixed Content in Firefox |
| Do not use COM components which are unsupported by Firefox | Do not use COM components which are unsupported by Firefox |
| Pre-install the component on the build | Pre-install the component on the build |
| Use the correct extension for style sheets | Use the correct extension for style sheets |
| Whitelist these class IDs in the IE8 Ax GPO | Whitelist these class IDs in the IE8 Ax GPO |
IE infrastructure changes
| Action detail | Description |
|---|---|
| Add X-UA-Compatible header to your web page/IIS header to force it to run in IE7 Standards Mode | Add X-UA-Compatible header to your web page/IIS header to force it to run in IE7 Standards Mode |
| Add X-UA-Compatible header to your web page/IIS header to force it to run in IE8 Standards Mode | Add X-UA-Compatible header to your web page/IIS header to force it to run in IE8 Standards Mode |
| Run web site natively in IE6 using virtualization technology | Run web site natively in IE6 using virtualization technology |
| Run web site natively in IE7 using virtualization technology | Run web site natively in IE7 using virtualization technology |
| Run web site natively in IE8 using virtualization technology | Run web site natively in IE8 using virtualization technology |
| Use a custom header on the web server to set IE8 Standards document compatibility mode | Use a custom header on the web server to set IE8 Standards document compatibility mode |
| Use a custom header on the web server to set IE9 Standards document compatibility mode | Use a custom header on the web server to set IE9 Standards document compatibility mode |
| Use a GPO to run the web page in IE7 compatibility mode | Use a GPO to run the web page in IE7 compatibility mode |
IE in-house redevelopment required
| Action detail | Description |
|---|---|
| Change the title attribute on the link element or style element that contains the style sheet instead | Change the title attribute on the link element or style element that contains the style sheet instead |
| Explicitly opt-in to HTML parsing for XSLT if your output depends on HTML parsing rules: <xsl:output method=”html”> | Explicitly opt-in to HTML parsing for XSLT if your output depends on HTML parsing rules: <xsl:output method=”html”> |
| Migrate to the standardized XSL namespace: <xsl:stylesheet xmlns:xsl=”http: //www.w3.org/1999 /XSL/Transform”> | Migrate to the standardized XSL namespace: <xsl:stylesheet xmlns:xsl=”http: //www.w3.org/1999 /XSL/Transform”> |
| Redevelop the page to adjust changes to the table object model in IE9 | Redevelop the page to adjust changes to the table object model in IE9 |
| Redevelop the page to adjust removed iframe | Redevelop the page to adjust removed iframe |
| Redevelop the page to trim white spaces where it is needed | Redevelop the page to trim white spaces where it is needed |
| Redevelop the page to use the getAttribute API to retrieve the value of user-defined content attributes | Redevelop the page to use the getAttribute API to retrieve the value of user-defined content attributes |
| Redevelop the site so that it does not use legacy properties | Redevelop the site so that it does not use legacy properties |
| Redevelop the site so that it uses CCS3, SVG and other widely supported standards instead of DX filters | Redevelop the site so that it uses CCS3, SVG and other widely supported standards instead of DX filters |
| Redevelop the site so that the eval method is called directly | Redevelop the site so that the eval method is called directly |
| Redevelop the site without using the cached pointers to call methods | Redevelop the site without using the cached pointers to call methods |
| Remove administrative DLLs and OCXs that are embedded in web pages | Remove administrative DLLs and OCXs that are embedded in web pages |
| Use the standardized xml-stylesheet processing instruction for loading XSLT: <?xml-stylesheet type=”text/xsl” href=”my.xslt”?> | Use the standardized xml-stylesheet processing instruction for loading XSLT: <?xml-stylesheet type=”text/xsl” href=”my.xslt”?> |
IE redevelopment required
| Action detail | Description |
|---|---|
| Base elements need to be moved inside the HEAD of the document | Base elements need to be moved inside the HEAD of the document |
| Bypass window.close prompt by adding window.open((‘’, ‘_self’) to the closeWin function | Bypass window.close prompt by adding window.open((‘’, ‘_self’) to the closeWin function |
| Change the file type from an image file to plain text | Change the file type from an image file to plain text |
| Create a 64 Bit version of the COM component | Create a 64 Bit version of the COM component |
| Create the element and add the attributes individually by using the setAttribute API or create the element inside a parent element | Create the element and add the attributes individually by using the setAttribute API or create the element inside a parent element by using the innerHTML API |
| If your page contains these filters, please remove or replace them | If your page contains these filters, please remove or replace them |
| Move the nested OBJECT so that it is the outermost OBJECT | Move the nested OBJECT so that it is the outermost OBJECT |
| Redevelop page to use supported DHTML behaviors | Redevelop page to use supported DHTML behaviors |
| Redevelop the page so that it does not use Document APIs via document fragments | Redevelop the page so that it does not use Document APIs via document fragments |
| Redevelop the page so that it uses full tag names while calling getElementsByTagName | Redevelop the page so that it uses full tag names while calling getElementsByTagName |
| Redevelop the page to avoid using a return statement in JavaScript protocols | Redevelop the page to avoid using a return statement in JavaScript protocols |
| Redevelop the page to remove manual binding, if support for older versions needed, use version conditional adding of binding | Redevelop the page to remove manual binding, if support for older versions needed, use version conditional adding of binding |
| Redevelop the site so that it does not use COM controls that expose Window’s Journal Hooks functions | Redevelop the site so that it does not use COM controls that expose Window’s Journal Hooks functions |
| Redevelop the site so that it does not use conditional comments | Redevelop the site so that it does not use conditional comments |
| Redevelop the site so that it does not use namespaces | Redevelop the site so that it does not use namespaces |
| Redevelop the site so that it does not use XML data islands | Redevelop the site so that it does not use XML data islands |
| Redevelop the site so that it does not write to protected locations | Redevelop the site so that it does not write to protected locations |
| Redevelop the site so that it uses SVG, Raphael JavaScript Library and other widely supported standards instead of VML | Redevelop the site so that it uses SVG, Raphael JavaScript Library and other widely supported standards instead of VML |
| Redevelop the site to avoid mixing native XML and MSXML objects | Redevelop the site to avoid mixing native XML and MSXML objects |
| Redevelop the site to make it DEP aware | Redevelop the site to make it DEP aware |
| Redevelop the site using a fixed height for IFrames | Redevelop the site using a fixed height for IFrames |
| Redevelop the site without the arguments. caller property | Redevelop the site without the arguments. caller property |
| Remove direct animation with another technology | The application needs to be redeveloped to replace direct animation with another supported technology |
| Remove references to external domains | Remove references to external domains using the src attribute for script tags |
| Remove URL paths to gopher and telnet resources | Remove URL paths to gopher and telnet resources |
| Remove XMB images and use alternative image format | The application needs to be redeveloped to remove XMB images and use an alternative image format such as .png |
| Replace API call with compliant | Discontinued or unsupported API call should be replaced with new or supported one |
| Replace CDF with the new RSS feed | The application needs to be redeveloped to replace CDF with the new RSS feed |
| Replace window on document where it is needed | Replace window on document where it is needed |
| Rework the page to add the element to document.documentElement instead | Rework the page to add the element to document.documentElement instead |
| The application needs to be redeveloped so that files are created on the web server and a clickable link is provided to users to | The application needs to be redeveloped so that files are created on the web server and a clickable link is provided to users to download the file |
| The application needs to be redeveloped so that the existence of an attribute is checked | The application needs to be redeveloped so that the existence of an attribute is checked |
| The application needs to be redeveloped to use the compliant naming standards | The application needs to be redeveloped to use the compliant naming standards |
| The application needs to be redeveloped to use the correct extension for style sheets | The application needs to be redeveloped to use the correct extension for style sheets |
| Use a character set that isn’t UTF-7 if the script needs to run | Use a character set that isn’t UTF-7 if the script needs to run |
| Use the correct case and matching | The application needs to be redeveloped to use the correct case and matching |
IE remediations
| Action detail | Description |
|---|---|
| Add site to trusted zone | Use the ActiveX Installer Service and configure policy settings using either Approved Installation Sites for ActiveX Controls or ActiveX Installation Policy for Sites in Trusted Zones |
| Disable DEP in IE | Disable DEP in IE |
| Disable Show Mixed Content in IE | Disable Show Mixed Content in IE |
| Edit the registry to remove repeats and older versions | Edit the registry to remove repeats and older versions |
| Patch your ASP.NET server | Patch your ASP.NET server |
| Pre-install the component on the build | Pre-install the component on the build |
| Relax Internet security settings | Relax the Internet security settings for ActiveX if the reduced risk of security is acceptable |
| Relax the Internet security settings by enabling scriptlets | Relax the Internet security settings by enabling scriptlets |
| Relax the Internet security settings to enable status bar updates | Relax the Internet security settings to enable status bar updates |
| Remove the kill bit | Remove the kill bit by creating the unkill registry key |
| Set the Safe for Scripting and Safe for Initialization value | Set the Safe for Scripting and Safe for Initialization value in the registry key using the ActiveX controls CLSID |
| Train users on the new functionality | Train users on the new functionality |
| Unblock the Internet security setting Script ActiveX controls marked safe for scripting | Unblock the Internet security setting Script ActiveX controls marked safe for scripting |
| Update current JavaScript framework to the latest version | Update current JavaScript framework to the latest version |
| Use the 32 bit version of IE | Use the 32 bit version of IE |
| Whitelist these class ids in the IE8 Ax GPO | Whitelist these class ids in the IE8 Ax GPO |
No remediation required
| Action detail | Description |
|---|---|
| Install admin rights | Ensure install user has admin rights |
| No Remediation Required | No Remediation Required |
Redevelopment required
| Action detail | Description |
|---|---|
| The application needs to be redeveloped to solve this issue | Redevelopment sub-action description |
Repackage
| Action detail | Description |
|---|---|
| Add the necessary customizations | Add the necessary customizations |
| Change the default installation path | Use an MST (Microsoft Transform) to modify the installation path or change it manually |
| Condition out the components | Condition out the components that install these resources |
| Create a Merge Module for shared resource | Create a Merge Module for shared resource |
| Disable DEP using MSI | Disable DEP using the MSI |
| Edit the custom action | Edit the custom action |
| Edit the MSI | Edit the MSI |
| Edit the script file called by the MSI | Edit the script file called by the MSI |
| Elevate the custom action | Elevate the custom action |
| Install this pre-requisite | Install this pre-requisite |
| Package application using Windows Installer for deployment to desktop | Package application using Windows Installer for deployment to desktop |
| Provide a substitute technology | Provide a substitute technology |
| Provide the missing resource | Provide the missing resource or install a redistributable |
| Relax permissions on the local machine | Relax permissions on the local machine using LockPermission for example |
| Remove the Lock Permissions | Remove the Lock Permissions |
| Remove this condition | Remove this condition |
| Rename the setup to Setup.EXE | Rename the setup to Setup.EXE |
| Suppress the reboot | Suppress the reboot |
| Sync component GUIDs | Sync component GUIDs |
| Transform the MSI to change ALLUSERS | Transform the MSI to change ALLUSERS |
| Transform the MSI values | Change the values in the MSI to be the new correct paths |
Sequence (Easy effort)
| Action detail | Description |
|---|---|
| Add placeholders in INI files | Add placeholders in INI files |
| Add relationship link in the sequence | Add relationship link in the sequence |
| Compress the SFT file | Compress the SFT file |
| Create dummy ODBC entries on the sequencer workstation | Create dummy ODBC entries on the sequencer workstation |
| Include missing files in the sequence | Include missing files in the sequence |
| Manually create shortcut to correct executable | Manually create shortcut to correct executable |
| Publish shortcuts in the Start Menu’s startup folder | Publish shortcuts in the Start Menu’s startup folder |
| Resolve install related shortcuts and remove from the sequence | Resolve install related shortcuts and remove from the sequence |
| Sequence application with its required service | Sequence application with its required service |
| Sequence with applications that depend on it | Sequence with applications that depend on it |
| Split application into pieces | Split application into pieces |
| Use Dynamic Suite Composition | Associate the application with its dependency using Dynamic Suite Composition |
Sequence (Hard effort)
| Action detail | Description |
|---|---|
| Deploy the service separately from the App-V package | Associate the application with its dependency using Dynamic Suite Composition |
Sequence advanced
| Action detail | Description |
|---|---|
| Configure environment variable changes | Configure environment variable changes |
| Configure user specific data to be installed within the sequence without using Active Setup | Configure user specific data to be installed within the sequence without using Active Setup |
| Further investigation required, sequence if feasible | Further investigation required, sequence if feasible |
| Use Office Deployment Tool | Use the Office Deployment Tool to create the App-V package |
Shim
| Action detail | Description |
|---|---|
| Apply CorrectFilePaths Shim | The application needs the CorrectFilePaths shim applied |
| Apply DisableNX Shim | The application needs the DisableNX shim applied |
| Apply HideCursor Shim | The application needs the HideCursor shim applied |
| Apply IgnoreMessageBox Shim | The application needs the IgnoreMessageBox shim applied |
| Apply RunAsAdmin Shim | The application needs the HideCursor shim applied |
| Apply RunAsAdmin or RunAsInvoker Shim | The application needs the RunAsAdmin or RunAsInvoker shim included, depending on whether it is administrative in nature |
| Apply RunAsInvoker Shim | The application needs the RunAsInvoker shim applied |
| Apply SessionShim Shim | The application needs the SessionShim applied |
| Apply VirtualRegistry Shim | The application needs the VirtualRegistry applied |
| Apply WRPDllRegister Shim | The application needs the WRPDllRegister Shim applied |
| Apply WRPMitigationLayer Shim | The application needs the WRPMitigation Shim applied |
| Apply WRPRegDeleteKey Shim | The application needs the WRPRegDeleteKey shim applied |
Undefined
| Action detail | Description |
|---|---|
| Not Defined | Not Defined |
Virtualization exception
| Action detail | Description |
|---|---|
| Remediation possible if splitting out component to OS | Remediation possible if splitting out component to OS |
| Remediation may be possible with extensive testing | Remediation may be possible with extensive testing |
Secure Web in-house redevelopment required
| Action detail | Description |
|---|---|
| Explicitly opt-in to HTML parsing for XSLT if your output depends on HTML parsing rules: <xsl:output method=”html”> | Explicitly opt-in to HTML parsing for XSLT if your output depends on HTML parsing rules: <xsl:output method=”html”> |
| Migrate to the standardized XSL namespace: <xsl:stylesheet xmlns:xsl=”http: //www.w3.org/1999 /XSL/Transform”> | Migrate to the standardized XSL namespace: <xsl:stylesheet xmlns:xsl=”http: //www.w3.org/1999 /XSL/Transform”> |
| Redevelop the page to adjust changes to the table object model in Secure Web | Redevelop the page to adjust changes to the table object model in Secure Web |
| Redevelop the page to trim white spaces where it is needed | Redevelop the page to trim white spaces where it is needed |
| Redevelop the site so that it does not use legacy properties | Redevelop the site so that it does not use legacy properties |
| Redevelop the site so that the eval method is called directly | Redevelop the site so that the eval method is called directly |
| Redevelop the site without using the cached pointers to call methods | Redevelop the site without using the cached pointers to call methods |
| Use the standardized xml-stylesheet processing instruction for loading XSLT: <?xml-stylesheet type=”text/xsl” href=”my.xslt”?> | Use the standardized xml-stylesheet processing instruction for loading XSLT: <?xml-stylesheet type=”text/xsl” href=”my.xslt”?> |
Secure Web redevelopment required
| Action detail | Description |
|---|---|
| Base elements need to be moved inside the HEAD of the document | Base elements need to be moved inside the HEAD of the document |
| Create the element and add the attributes individually by using the setAttribute API or create the element inside a parent element | Create the element and add the attributes individually by using the setAttribute API or create the element inside a parent element by using the innerHTML API |
| If your page contains these filters, please remove or replace them | If your page contains these filters, please remove or replace them |
| Move the nested OBJECT so that it is the outermost OBJECT | Move the nested OBJECT so that it is the outermost OBJECT |
| Redevelop page to use supported DHTML behaviors | Redevelop page to use supported DHTML behaviors |
| Redevelop the page so that it does not use Document APIs via document fragments | Redevelop the page so that it does not use Document APIs via document fragments |
| Redevelop the page so that it uses full tag names while calling getElementsByTagName | Redevelop the page so that it uses full tag names while calling getElementsByTagName |
| Redevelop the page to avoid using a return statement in JavaScript protocols | Redevelop the page to avoid using a return statement in JavaScript protocols |
| Redevelop the site so that it does not use conditional comments | Redevelop the site so that it does not use conditional comments |
| Redevelop the site so that it does not use namespaces | Redevelop the site so that it does not use namespaces |
| Redevelop the site so that it does not use XML data islands | Redevelop the site so that it does not use XML data islands |
| Redevelop the site so that it uses SVG, Raphael JavaScript Library and other widely supported standards instead of VML | Redevelop the site so that it uses SVG, Raphael JavaScript Library and other widely supported standards instead of VML |
| Redevelop the site using a fixed height for IFrames | Redevelop the site using a fixed height for IFrames |
| Redevelop the site without the arguments. caller property | Redevelop the site without the arguments. caller property |
| Remove references to external domains | Remove references to external domains using the src attribute for script tags |
| Remove URL paths to gopher and telnet resources | Remove URL paths to gopher and telnet resources |
| Remove XMB images and use alternative image format | The application needs to be redeveloped to remove XMB images and use an alternative image format such as .png |
| Replace API call with compliant | Discontinued or unsupported API call should be replaced with new or supported one |
| Replace CDF with the new RSS feed | The application needs to be redeveloped to replace CDF with the new RSS feed |
| Replace functionality of ActiveX components which are unsupported by Secure Web | Replace functionality of ActiveX components which are unsupported by Secure Web |
| Replace window on document where it is needed | Replace window on document where it is needed |
| Rework the page to add the element to document.documentElement instead | Rework the page to add the element to document.documentElement instead |
| The application needs to be redeveloped so that files are created on the web server and a clickable link is provided to users to download the file | The application needs to be redeveloped so that files are created on the web server and a clickable link is provided to users to download the file |
| The application needs to be redeveloped to use the compliant naming standards | The application needs to be redeveloped to use the compliant naming standards |
| The application needs to be redeveloped to use the correct extension for style sheets | The application needs to be redeveloped to use the correct extension for style sheets |
| Use a character set that isn’t UTF-7 if the script needs to run | Use a character set that isn’t UTF-7 if the script needs to run |
Secure Web remediations
| Action detail | Description |
|---|---|
| Disable Show Mixed Content in Secure Web | Disable Show Mixed Content in Secure Web |
| Do not use COM components which are unsupported by Secure Web | Do not use COM components which are unsupported by Secure Web |
| Pre-install the component on the build | Pre-install the component on the build |
| Use the correct extension for style sheets | Use the correct extension for style sheets |
| Whitelist these class ids in the IE8 Ax GPO | Whitelist these class ids in the IE8 Ax GPO |
XenApp
| Action detail | Description |
|---|---|
| Develop a silo plan | Develop a silo plan |
| Enable virtual IP for published applications | Enable virtual IP for published applications |
| Ensure Password Manager Agent is last GINA installed on the system | Ensure Password Manager Agent is last GINA installed on the system |
| Isolate/redirect data written to local machine registry keys | Isolate/redirect data written to local machine registry keys |
| Use Universal Printer Driver to manage printing | Use Universal Printer Driver to manage printing |