A configuration entry used in conjunction with encodeHtml. This entry applies a level of encoding to filter all input to the system for bad HTML constructions.
All input data received by the system when using the unsafe
value for the encodeHtm
l rule
parameter applies only to well-known unsafe script tags. This functionality can be altered by using the HtmlDataInputFilterLevel
configuration variable to change the filtering that is done.
This entry takes one parameter, the filter level. Accepted values are:
none: no filtering is performed.
unsafe: protects against bad HTML constructions.
exceptsafe: allows only well-known safe constructions through the filter.
IntradocDir/config/config.cfg
Managing Security and User Access Guide