Use the configuration properties described in the following table to control the way the ParameterValidator
component checks query parameters.
Property | Explanation |
---|---|
| Controls whether the Set the value of the property to See Default Values for illegalTagNames and Default Values for illegalAttributeNames. |
| A list of HTML elements that will be disallowed in URL query parameters. |
| Controls whether strings that appear to be HTML elements will be allowed in URL query parameters. Set the value of this property to Set the value of this property to |
| A list of HTML attributes that will be disallowed in URL query parameters. |
| Controls whether strings that appear to be HTML attributes will be allowed in URL query parameters. Set the value of this property to Set the value of this property to |
| A list of specific strings that will be disallowed in URL query parameters. |
| A list of Java regular expressions that describe strings that will be disallowed in URL query parameters. |
| A list of custom components that function as URL query validators for specific conditions. Set the value of this property to a comma separated list of the nucleus paths for each of the custom query validator components. For example:
|
Default Values for illegalTagNames
The ParameterValidator
component includes a set of default string values that it will include in the list of illegal tag names if you set the alwaysAddDefaults
property to true. These default string values are shown in the following list.
img
script
iframe
frame
applet
embed
object
meta
Default Values for illegalAttributeNames
The ParameterValidator
component includes a set of default string values that it will include in the list of illegal attribute names if you set the alwaysAddDefaults
property to true. These default string values are shown in the following list.
onabort
onactivate
onafterprint
onafterupdate
onafterupdate
onbeforeactivate
onbeforecopy
onbeforecut
onbeforedeactivate
onbeforeeditfocus
onbeforepaste
onbeforeprint
onbeforeunload
onbeforeupdate
onbeforeupdate
onblur
onbounce
oncellchange
oncellchange
onchange
onclick
oncontextmenu
oncontrolselect
oncopy
oncut
ondataavailable
ondatasetchanged
ondatasetcomplete
ondblclick
ondeactivate
ondrag
ondragend
ondragenter
ondragleave
ondragover
ondragstart
ondrop
onerror
onerrorupdate
onfilterchange
onfinish
onfocus
onfocusin
onfocusout
onhashchange
onhelp
oninput
onkeydown
onkeypress
onkeyup
onload
onlosecapture
onmessage
onmousedown
onmouseenter
onmouseleave
onmousemove
onmouseout
onmouseover
onmouseup
onmousewheel
onmove
onmoveend
onmovestart
onoffline
ononline
onpaste
onpropertychange
onreadystatechange
onreset
onreset
onresize
onresizeend
onresizestart
onrowenter
onrowexit
onrowsdelete
onrowsinserted
onscroll
onsearch
onselect
onselectionchange
onselectstart
onstart
onstop
onsubmit
onunload
onunload
src
Removing Default Values for illegalTagNames and illegalAttributeNames
To remove an individual, default string value from the illegalTagNames
or illegalAttributeNames
property, add the string value to either illegalTagNames
or illegalAttributeNames
with a minus sign character before it.
For example, to remove the value onscroll
from the illegalAttributeNames
property, add the following to the configuration for that property.
illegalAttributeNames+=-onscroll
Note: To remove all of the default values from both the illegalTagNames
and illegalAttributeNames
properties, set the alwaysAddDefaults
property to false.