Error when uploading dockets - blocked access by Cloudflare
The file contains a hyperlink that our system security is blocking due to it could be malicious link. The Cloudflare raised the XSS: Jquery vulnerability due to below reason:
Why your file was blocked
You may have a PDF named which has rendered content and links
- There is a clickable URL with Markdown-style formatting:
- It's shown in duplicate format — both a visible link and embedded hyperlink.
While this looks benign, some PDF generators or copy-pasted content from tools like Word or CMS platforms may inadvertently embed links like:
htmlCopyEdit<a href="javascript:void(0)">Transcript</a>
or contain malformed URI tags that trigger WAF rules.
Even if no javascript:
link is visible, the PDF internally may contain:
- Encoded strings like
javascript:void(0)
- Obfuscated script tags or action triggers
- Embedded JS functionality (e.g., Acrobat scripting)
✅ How to fix / safely upload
Here are your options:
🛠️ 1. Scan & clean the PDF
- Use tools like PDF X-RAY Lite or
pdfid.py
to scan for embedded JavaScript - Or open in Adobe Acrobat and go to:
File → Properties → JavaScript
— and remove all scripts
✂️ 2. Re-export or reprint as PDF
- Open the file in a viewer (like Chrome, Word, Acrobat)
- Print to PDF or export as a flattened version
- This strips scripts and hidden metadata that might trigger WAF
☁️ 3. Bypass for internal uploads (optional)
- If this upload is safe and used only internally, you can:
- Disable Cloudflare WAF for the specific upload endpoint
- Or add a WAF rule to allow this file signature (not recommended unless well controlled)
markdownCopyEdithttps://www.westernsydney.edu.au/graduation_ceremonies/graduating/documents/academic_transcript