Vibe 4.0.2 and later uses the OWASP HTML Sanitizer to allow or remove HTML elements, attributes, and CSS Style properties that OpenText regards as safe
or unsafe,
as explained in the following sections:
The following HTML Elements are considered safe.
|
|
|
|
|
You can configure your Vibe site to regard additional HTML elements as safe
by doing the following:
Using a text editor, add the following parameter with the elements you are adding, to the ssf-ext.properties file.
html.safe.elements=Element1,Element2,Element3
After adding or modifying the file, you must restart Apache Tomcat for your configuration changes to take effect.
IMPORTANT:Additions to the default OWASP HTML Sanitizer settings are not supported and are regarded as unsafe by OpenText Support.
If you want OpenText to consider supporting your additions in a future Vibe release, you must submit them for consideration to OpenText via Customer Care.
The following HTML Element Attributes are considered safe by default
|
|
|
You can configure your Vibe site to regard additional HTML attributes as safe
by doing the following:
Using a text editor, add the following parameter with the attributes you are adding, to the ssf-ext.properties file.
html.safe.attributes=Attribute1,Attribute2,Attribute3
After adding or modifying the file, you must restart Apache Tomcat for your configuration changes to take effect.
IMPORTANT:Additions to the default OWASP HTML Sanitizer settings are not supported and are regarded as unsafe by OpenText Support.
If you want OpenText to consider supporting your additions in a future Vibe release, you must submit them for consideration to OpenText via Customer Care.
Vibe limits the following HTML elements as indicated.
href
Allowed on <a/> tags
Allowed URL protocols are http, https and mailto
src
Allowed on <img/> tags
Allowed URL protocols are http, https, mailto and data
For embedded images, allowed mime-types are:
data:image/jpeg;
data:image/png;
data:image/gif;
The following is a list of CSS style properties in style
attributes are considered safe.
|
|
|
You can configure your Vibe site to regard additional CSS Style Properties as safe
by doing the following:
Using a text editor, add the following parameter with the properties you are adding, to the ssf-ext.properties file.
css.safe.properties=Property1,Property2,Property3
After adding or modifying the file, you must restart Apache Tomcat for your configuration changes to take effect.
IMPORTANT:Additions to the default OWASP HTML Sanitizer settings are not supported and are regarded as unsafe by OpenText Support.
If you want OpenText to consider supporting your additions in a future Vibe release, you must submit them for consideration to OpenText via Customer Care.