getXssConfiguration

get

/ccadmin/v1/merchant/xssConfiguration

Get the anti-XSS (anti-cross-site-scripting) configuration. Shows exempted endpoints (by id or URI prefix), allowed XML tags, and illegal XML attribute names. Also shows the configuration of a second, HTML-parser-based scanner, which has its own independent settings for allowed attributes, allowed tags, and whether it is enabled.

Request

There are no request parameters for this operation.


Response

Supported Media Types

200 Response

The following model is returned when the operation succeeds.
Body ()
Root Schema : getXssConfiguration_response
Type: object
Nested Schema : endpointIdsToAlwaysValidate
Type: array
Editable list of endpoint ids that are always XSS validated, even if they also match the endpoint id or URI prefix whitelists.
Nested Schema : endpointIdsWhitelist
Type: array
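Editable whitelist of endpoint ids that are exempt from XSS validation. Input to a listed endpoint is not checked by the XSS validator, so keep this list as small as possible.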
Nested Schema : htmlValidatorAllowedAttributeAdditions
Type: array
Editable list of additional attribute names for the HTML parser-based anti-XSS validator to allow.
Nested Schema : htmlValidatorAllowedTagAdditions
Type: array
Editable list of additional tag names for the HTML parser-based anti-XSS validator to allow.
Nested Schema : illegalAttributeNames
Type: array
Editable illegal XML attribute name list.
Nested Schema : tagWhitelist
Type: array
The list of XML tags that are allowed via whitelist. This is the built-in list and is read-only.
Nested Schema : tagWhitelistAdditions
Type: array
The list of additional XML tags that are allowed via whitelist. This is the editable list.
Nested Schema : uriPrefixesWhitelist
Type: array
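Editable whitelist of endpoint URI prefixes that are exempt from XSS validation. A prefix exempts every endpoint whose URI begins with it, so a broad prefix turns off validation for a whole group of endpoints unless they are listed in endpointIdsToAlwaysValidate.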
Example Response (application/json)
{
    "htmlValidatorEnabled":[
        "true"
    ],
    "htmlValidatorAllowedAttributeAdditions":[
        "style"
    ],
    "endpointIdsWhitelist":[
        "applicationJavaScript"
    ],
    "uriPrefixesWhitelist":[
        "/ccadmin/v1"
    ],
    "illegalAttributeNames":[
        "onabort",
        "onactivate",
        "onafterprint",
        "onafterupdate",
        "onbeforeactivate",
        "onbeforecopy",
        "onbeforecut",
        "onbeforedeactivate",
        "onbeforeeditfocus",
        "onbeforepaste",
        "onbeforeprint",
        "onbeforeunload",
        "onbeforeupdate",
        "onblur",
        "onbounce",
        "oncellchange",
        "onchange",
        "onclick",
        "oncontextmenu",
        "oncontrolselect",
        "oncopy",
        "oncut",
        "ondataavailable",
        "ondatasetchanged",
        "ondatasetcomplete",
        "ondblclick",
        "ondeactivate",
        "ondrag",
        "ondragend",
        "ondragenter",
        "ondragleave",
        "ondragover",
        "ondragstart",
        "ondrop",
        "onerror",
        "onerrorupdate",
        "onfilterchange",
        "onfinish",
        "onfocus",
        "onfocusin",
        "onfocusout",
        "onhashchange",
        "onhelp",
        "oninput",
        "onkeydown",
        "onkeypress",
        "onkeyup",
        "onload",
        "onlosecapture",
        "onmessage",
        "onmousedown",
        "onmouseenter",
        "onmouseleave",
        "onmousemove",
        "onmouseout",
        "onmouseover",
        "onmouseup",
        "onmousewheel",
        "onmove",
        "onmoveend",
        "onmovestart",
        "onoffline",
        "ononline",
        "onpaste",
        "onpropertychange",
        "onreadystatechange",
        "onreset",
        "onresize",
        "onresizeend",
        "onresizestart",
        "onrowenter",
        "onrowexit",
        "onrowsdelete",
        "onrowsinserted",
        "onscroll",
        "onsearch",
        "onselect",
        "onselectionchange",
        "onselectstart",
        "onstart",
        "onstop",
        "onsubmit",
        "onunload",
        "src"
    ],
    "htmlValidatorAllowedTagAdditions":[
        "p"
    ],
    "tagWhitelistAdditions":[
        "bar",
        "foo"
    ],
    "tagWhitelist":[
        "a",
        "abbr",
        "acronym",
        "address",
        "b",
        "big",
        "blockquote",
        "br",
        "caption",
        "cite",
        "code",
        "col",
        "colgroup",
        "dd",
        "defn",
        "del",
        "dir",
        "dt",
        "em",
        "h1",
        "h2",
        "h3",
        "h4",
        "h5",
        "h6",
        "hr",
        "i",
        "img",
        "ins",
        "kbd",
        "li",
        "link",
        "menu",
        "ol",
        "p",
        "pre",
        "q",
        "samp",
        "small",
        "strong",
        "sub",
        "sup",
        "table",
        "tbody",
        "td",
        "tfoot",
        "th",
        "thread",
        "tr",
        "tt",
        "ul",
        "var"
    ],
    "endpointIdsToAlwaysValidate":[
        "createProduct",
        "updateProduct"
    ]
}