Using an alternate HTML Sanitizer config for a particular column
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
7 hours ago
Hello, friends!
Our HTML Sanitizer is removing some attributes from iframe tags in Knowledge article text, which is preventing our users from embedding videos in articles. We know how to add this exclusion to the HTML Sanitizer, but we do not want to allow iframe tags on any other fields besides Knowledge article text. Additionally, we do not want to completely disable HTML Sanitization for this column by using the "html_sanitize=false" attribute.
In other words, we would like to allow some attributes for only a single HTML tag (iframe) on a single column (kb_knowledge.text), but leave the HTML Sanitizer behavior unchanged for all other fields.
I found a dictionary attribute called "html_sanitize_config" listed here, which sounds like what we need, because it would allow us to reference an alternative HTML Sanitizer config for this one column only. However, I am confused by the description, which says: "If present, performs sanitization using the specified configuration file instead of the default platform sanitizer. For example, the Embedded Help [sys_embedded_help_content] table uses a specified file (EmbeddedHelpSanitizerConfig) for the help Content field."
I'm not sure what a "configuration file" means in this context. I initially thought it meant a script include, in the same format as HTMLSanitizerConfig, so I copied the HTMLSanitizerConfig script include, added the attribute, and then added ",html_sanitize_config=HTMLSanitizerConfigForKnowledgeText" to kb_knowledge.text. However, this seemed to prevent all sanitization from occurring, so I'm assuming there was some internal error (though I couldn't find any logs about it). I tried reverting the new script include to match the original (besides the class name), but that had the same effect. I also tried including the scope in front of the script include's name, but no change.
I can't find any additional documentation on this... There are no results for "html_sanitize_config" in this forum, and the only result on Google is that dictionary attribute documentation page linked above. The HTML Sanitizer documentation doesn't seem to mention it either, nor does it mention what a "configuration file" could be referring to, nor is there any indication of a way to setup an alternative sanitizer config.
Does anyone know how to use the html_sanitize_config attribute, or do you know of any other way to whitelist a single HTML tag attribute on a single table column?
Thank you!
