Hi Dhiraj,
OFBiz uses AntiSamy from the Open Web Application Security Project (OWASP). See https://www.owasp.org/index.php/AntiSamy for an introduction. AntiSamy filters incoming data to prevent cross-site scripting (XSS) attacks.
The allow-html setting can be set to "none" to prevent any HTML input to a service, "safe" to allow limited HTML content but deny dangerous content such as script, or "any".
I hope that helps.
Cheers
Paul Foxworthy
dhiraj.g wrote
Hi,
Why did we use allow-html="safe" in the service?
Thanks
Dhiraj Gupta