HTML email template error: "Your template contains active content, which can't be verified as safe"
|Knowledge Article Number||000233234|
With the Summer ‘16 release this feature was further enhanced to include extra security fixes to mitigate potential malicious exploits against organizations containing editing or using the templates.. This may translate to users encountering XSS errors at a more frequent rate than prior to the Summer ‘16 release.
Here are a few examples of known XSS vectors:
src="data:image/png;base64 - (When adding images to templates please link to publicly available images in the documents tab)
When the HTML editor detects any such XSS vectors, it will prevent the template from being saved and display the error message "Your template contains active content, which can't be verified as safe".
The error also happens when migrating HTML templates containing XSS vectors using change sets, and when an automated process tries to use or update these templates.
In order to get rid of the error message, and to save an HTML template, administrators must edit their template and delete any XSS vectors that may be exploited..