Configuring HTML sanitizer

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • You must modify a script include to make configuration changes to the HTML sanitizer.

    Avant de commencer

    Role required: admin

    Procédure

    1. Navigate to All > System Definition > Script Includes.
    2. Open HTMLSanitizerConfig.
    3. To add items to the exclusion list, use the HTML_BLACKLIST class.

      To add items to the inclusion list, use the HTML_WHITELIST class.

      Use this format:

      HTML_XXXXLIST :{
        globalAttributes :{ 
 
            attribute:[attribute-name1,...],
            attributeValuePattern:{ attribute-name2:attribute-value-regex-pattern,...}
 
        },<html-element-name>:{// Same as Above},----}
      • globalAttributes contains attribute or attributeValuePattern items that are applicable globally for all the HTML elements.
      • attribute is a comma-separated list of attributes.
      • attributeValuePattern is a dictionary of attribute to attribute-value-regex-pattern pairs. The attribute-value-regex-pattern is a regular expression which has to match the attribute value.

    Exemple

    Consider the following example:

    HTML_WHITELIST:{
        globalAttributes:{
            attribute:["id","name"],},
        img:{
            attribute:["style","align"],
            attributeValuePattern:{src:".*jpeg"}}, 
        iframe:{},}

    It adds the following items to the inclusion list:

    • The global attributes id and name. This is a list of strings that can be applied globally to all the elements.
    • The img element where the attributes are style and align.
    • The img element where the source attribute of the image is a file with the .jpeg extension. This is an example of a regular expression pattern that matches an attribute value.
    • The iframe element.