XSS (Cross Site Scripting) handling is controlled by a property in the portal.properties file, which is the default configuration file for Sun GlassFish Web Space Server. You can override this property using the portal-ext.properties file.
Set the following to false to ensure that all persisted data is stripped of XSS hacks.
xss.allow=false
You can override the xss.allow setting for a specific class by setting the property xss.allow plus the class name.
xss.allow.com.liferay.portal.model.Portlet=true
xss.allow.com.liferay.portal.model.PortletPreferences=true
You can override the xss.allow setting for a specific field in a class by setting the property xss.allow plus the class and field name.
xss.allow.com.liferay.portlet.journal.model.JournalArticle.content=true
xss.allow.com.liferay.portlet.journal.model.JournalStructure.xsd=true
xss.allow.com.liferay.portlet.journal.model.JournalTemplate.xsl=true
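The override levels described above can be audited in a deployment. This added example (not code from Web Space Server or Liferay) merges a constructed portal.properties with a constructed portal-ext.properties and reports which key decides XSS stripping for a class or field. It assumes the most specific key wins (field, then class, then the global xss.allow), that any value other than true counts as false, and that plain key=value lines are enough; parse, merged, effective and exceptions are hypothetical helper names.

```python
# Added example; both file contents below are constructed sample input.
PORTAL = """\
xss.allow=false
xss.allow.com.liferay.portal.model.Portlet=true
xss.allow.com.liferay.portal.model.PortletPreferences=true
xss.allow.com.liferay.portlet.journal.model.JournalArticle.content=true
"""
PORTAL_EXT = """\
# constructed site override: strip Portlet data again
xss.allow.com.liferay.portal.model.Portlet=false
"""

def parse(text):
    """Read simple key=value lines; skips blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def merged(base_text, ext_text):
    """portal-ext.properties entries replace portal.properties entries."""
    props = parse(base_text)
    props.update(parse(ext_text))
    return props

def effective(props, class_name, field=None):
    """Return (deciding_key, allowed). Assumed order: field, class, global."""
    candidates = [f"xss.allow.{class_name}", "xss.allow"]
    if field:
        candidates.insert(0, f"xss.allow.{class_name}.{field}")
    for key in candidates:
        if key in props:
            return key, props[key].lower() == "true"
    # The page states no built-in default, so a missing global key is an error.
    raise KeyError("xss.allow is not set in either file")

def exceptions(props):
    """Class- and field-level keys that leave persisted data unstripped."""
    return sorted(k for k, v in props.items()
                  if k.startswith("xss.allow.") and v.lower() == "true")

if __name__ == "__main__":
    for key in exceptions(merged(PORTAL, PORTAL_EXT)):
        print("XSS stripping disabled by:", key)
```

Each key the audit prints marks a class or field whose persisted data is not stripped, so it is the list to review when the global setting is false.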