A configuration entry used in conjunction with encodeHtml. This entry applies a level of encoding to filter all input to the system for bad HTML constructions.

All input data received by the system when using the unsafe value for the encodeHtml rule parameter applies only to well-known unsafe script tags. This functionality can be altered by using the HtmlDataInputFilterLevel configuration variable to change the filtering that is done.

Type and Usage


This entry takes one parameter, the filter level. Accepted values are:

  • none: no filtering is performed.

  • unsafe: protects against bad HTML constructions.

  • exceptsafe: allows only well-known safe constructions through the filter.



See Also