<!-- the set of HTML tags considered safe for rendering when mixing with existing client-side output -->
<!-- NOTE: define all tags in UPPER CASE only -->
<property name='tagWhiteList'>
<set>
<value>!DOCTYPE</value>
<value>HTML</value>
<value>HEAD</value>
<value>BODY</value>
<value>META</value>
<value>BASE</value>
<value>TITLE</value>
<value>LINK</value>
<value>CENTER</value>
<value>EM</value>
<value>STRONG</value>
<value>SUP</value>
<value>SUB</value>
<value>P</value>
<value>B</value>
<value>I</value>
<value>U</value>
<value>BR</value>
<value>UL</value>
<value>OL</value>
<value>LI</value>
<value>H1</value>
<value>H2</value>
<value>H3</value>
<value>H4</value>
<value>H5</value>
<value>H6</value>
<value>SPAN</value>
<value>DIV</value>
<value>A</value>
<value>IMG</value>
<value>FONT</value>
<value>TABLE</value>
<value>THEAD</value>
<value>TBODY</value>
<value>TR</value>
<value>TH</value>
<value>TD</value>
<value>HR</value>
<value>DT</value>
<value>DL</value>
<value>DT</value>
<value>PRE</value>
<value>BLOCKQUOTE</value>
<value>BUTTON</value>
<value>CODE</value>
<value>FORM</value>
<value>OPTION</value>
<value>SELECT</value>
<value>TEXTAREA</value>
</set>
</property>
<!-- The set of HTML tag attributes that are to be removed before rendering -->
<!-- NOTE: define all attributes in UPPER CASE only -->
<!-- IMPORTANT: JavaScript event handler attributes starting with 'on' are always removed -->
<property name='attributeBlackList'>
<set>
<value>STYLE</value>
</set>
</property>
<!-- The set of HTML tag attributes that are considered for sanitisation i.e. script content removed -->
<!-- NOTE: define all attributes in UPPER CASE only -->
<property name='attributeGreyList'>
<set>
<value>SRC</value>
<value>DYNSRC</value>
<value>LOWSRC</value>
<value>HREF</value>
<value>BACKGROUND</value>
</set>
</property>
<property name='attributeBlackList'>
<set>
<value>STYLE</value>
</set>
</property>
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans-2.0.dtd'>
<beans>
<!-- Override HTML processing black list -->
<bean id='webframework.webscripts.stringutils' parent='webframework.webscripts.stringutils.abstract'
class='org.springframework.extensions.webscripts.ui.common.StringUtils'>
<property name='attributeBlackList'>
<set></set>
</property>
</bean>
</beans>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.