Name

global.HTMLSanitizerConfig

Description

The HTML sanitizer works by checking the built-in white list for markup you always want to preserve. The sanitizer provides a Script Include you can use to modify the built-in white list. You can also add items to the black list, which overrides the white list. Configuration Format There are two JavaScript Objects, HTML_WHITELIST and HTML_BLACKLIST, which have the following format. HTML_XXXXLIST { globalAttributes { attribute attribute-name1,... , attributeValuePattern { attribute-name2 attribute-value-regex-pattern,...} }, { // Same as Above }, - - - - } globalAttributes Note that this is not an element by itself. The attribute/attributeValuePattern under this are applicable globally for all HTML elements. attribute This is a comma-separated list of attributes. attributeValuePattern This is a dictionary of attribute to attribute-value-regex-pattern pairs. The attribute-value-regex-pattern is a regular expression which has to match the attribute value. NOTE1 Please review built-in white list configuration before editing this Script Include. NOTE2 class is a JavaScript reserved word. If needed, use Class (Uppercase C) instead. Example HTML_WHITELIST { globalAttributes { attribute id , name , attributeValuePattern {Class .* } }, img { attribute style , align , attributeValuePattern {src .*jpeg } }, iframe {}, }

Script

var HTMLSanitizerConfig = Class.create();
HTMLSanitizerConfig.prototype = {
  initialize: function() {
  },
  
  HTML_WHITELIST : {
  	globalAttributes: {
  		attribute:[],
  		attributeValuePattern:{}
  	},
  },
  
  HTML_BLACKLIST : {
  	globalAttributes: {},
  },
  
  getWhiteList : function() {
  	return this.HTML_WHITELIST;
  },
  
  getBlackList : function() {
  	return this.HTML_BLACKLIST;
  },
  
  type: 'HTMLSanitizerConfig'
};

Sys ID

f672f983c312010016194ffe5bba8f5c

Offical Documentation

Official Docs: