A configuration entry used in conjunction with encodeHtml. This entry applies a level of encoding to filter all input to the system for bad HTML constructions.
All input data received by the system when using the
unsafe value for the
rule parameter applies only to well-known unsafe script tags. This functionality can be altered by using the
HtmlDataInputFilterLevel configuration variable to change the filtering that is done.
This entry takes one parameter, the filter level. Accepted values are:
none: no filtering is performed.
unsafe: protects against bad HTML constructions.
exceptsafe: allows only well-known safe constructions through the filter.
Managing Security and User Access Guide