Automating HTML Sanitization in OBIEE: Securing BI Platforms Without Compromising Usability

Publisher

CARI Journals

Abstract

As Business Intelligence (BI) platforms remain integral to enterprise operations, ensuring their security is a top priority. Platforms like Oracle Business Intelligence Enterprise Edition (OBIEE) are widely used for reporting and analysis but can carry risks from embedded HTML content. This paper presents a scalable and automated approach to mitigate Cross-Site Scripting (XSS) vulnerabilities within OBIEE reports and dashboards. We outline a detailed methodology involving catalog extraction, HTML tag parsing, sanitization using html5lib and bleach, and secure redeployment. Key findings indicate a substantial reduction in remediation time and XSS risk. The study also contributes to practice by offering a replicable DevSecOps integration pipeline. Its theoretical value lies in demonstrating a practical framework for balancing security with usability in enterprise BI systems. Real-world scenarios, technical architecture examples, and implementation guidance are provided.

Citation

Vol. 4 No. 4 (2023)
